top of page
Lack of IT budget challenges firms

The biggest security challenge facing small business is lack of IT budget, says one in two small companies, according to additional findings from a Netwrix ( survey conducted in February 2023 amongst security and IT professionals from 106 countries.

According to the survey, small organisations with less than 100 employees experience the same cyberthreats as the respondents overall, with the most common security incidents being phishing, ransomware, and user acc
ount compromise.  However, smaller organizations usually have less resources and experience with which to address security threats.

“Cost efficiency is top of mind for small organizations,” says Dirk Schrader, Vice President of Security Research, Netwrix.  “To improve their security posture, these organizations may want to seek out solutions that are tuned for the unique cost and security needs of small businesses.  In addition, partnering with a vendor that offers multiple solutions is a way to get a larger discount for using several tools.”

When asked what they would do to improve the security posture of their small organization if they had a chance to decide on their own, respondents cited IT staff training as a top choice.
“One option for addressing the lack of cybersecurity expertise is to consider outsourcing security-related tasks to a managed service provider (MSP) or managed security service provider (MSSP),” adds Dmitry Sotnikov, Vice President of Product Management, Netwrix.  “This approach not only eliminates the need to hire additional internal IT talent but can also reduce the cost of maintaining security software.  For example, if a new compliance requirement arises, the MSP can make the necessary changes once, implement them across their customer base, and share the cost of the customisation among those clients.”

According to Netwrix’s research, more than two-thirds (68%) of small organizations have a hybrid IT architecture.  Interestingly, only 45% of the small organizations which are exclusively on-premises, plan to adopt cloud technologies, compared to 69% among respondents overall.
“On one hand, there are a lot of cloud-native small businesses, born when cloud was already an integral part of the IT landscape.  On the other hand, many small organizations made significant investments into their on-premises infrastructure and may not have the budget or resources to then migrate to the cloud,” says Schrader.
“Lack of experience and fear of moving to the cloud can also hinder cloud adoption in small organizations.  To benefit from the greater flexibility that comes from transferring some security-related tasks to a cloud provider, smaller organizations can engage an MSP to map the most effective cloud migration path for their business and consider using security tools that cover both on-premises and cloud infrastructure,” adds Sotnikov.

The additional findings report can be found at
bottom of page