UK SMEs to boost reliance on managed security services

UK SMEs are projected to increase their dependence on managed security services in 2025, according to research by Six Degrees.

The research, titled "Mapping the UK SME Cyber Security Landscape in 2025," found that two-thirds of SMEs expected to increase their reliance on such services over the next year, with 80% considering this a positive step. Only 13% anticipated being less reliant, while 19.5% expected no change in their level of reliance.

The study highlighted that the foremost reasons driving SMEs to purchase managed security services were a lack of specialist skills necessary to manage complex cybersecurity solutions (37%), followed closely by the need to comply with legal, industry-specific, and regulatory requirements (36%).

Other factors influencing this trend include handling the increasing volume and sophistication of cyber-attacks (34%), needing to cope with spikes in cybersecurity activity (31%), and requiring around-the-clock support (28%). Surprisingly, more than one-fifth of SMEs indicated they were utilising managed services to transfer responsibility to third parties.

Commenting on the findings, Vince DeLuca, Chief Executive Officer at Six Degrees, said: "I welcome these candid responses from the UK's SME community. We've instinctively known for some time that a significant number of cyber security service purchases are driven by the need to demonstrate compliance with directives, regulations, and laws. We also understand that the ongoing cyber security skills shortage leaves these organisations increasingly vulnerable to cyber-attacks - exposing them to risks that could jeopardise that compliance. That heightened risk makes it all the more likely that they would want to shift their responsibility to a third party."

He further explained, "However, if a cyber security solutions or services provider has open and honest discussions with its customers, then those customers will know purchasing a cyber security solution means accepting a shared risk profile - it's not a way for businesses to abdicate responsibilities. The cyber security tool or service purchase and its ongoing management must also form part of a broader strategy that informs business change in every single context. If you don't re-engineer your organisation to be secure, no amount of tooling will fix it."

The intention to increase dependence on managed security services can also be seen as an effort by SMEs to tackle cybersecurity challenges. The study outlined eleven common frustrations among SMEs, including implementation costs (43%), implementation times (37%), inability to fully utilise existing solutions (33%), and the loss of in-house cybersecurity expertise (24%).

Vince DeLuca noted, "There's a direct link between the lack of specialist skills needed to operate cyber security solutions and some of the biggest cyber security frustrations encountered by SMEs - including implementation delays, increased project costs, and an inability to fully utilise existing solutions. By increasing their reliance on managed security services, SMEs are taking proactive steps to address these skills shortages and, therefore, resolve their frustrations. This also explains why most think it's a good idea to lean more heavily on managed security services."