Survey Data Reveals Misplaced Complacency, False Sense of Security with AI
MONTREAL – Today, software developer Devolutions announced results from its fourth annual survey, which examined the state of IT security for companies around the world that identify as small and medium businesses (SMBs). The results from the survey are packaged in a new report titled, “The State of IT Security for SMBs in 2023–2024.” While most of the survey respondents believe they have adequate protection against cyber risks, the new report from Devolutions poses the question: Is that confidence well placed? While many organizations are using the right tools for the moment, the threat surface continues to grow and there is a false sense of complacency among many of the respondents.
The Threat Landscape for SMBs
Despite advancements in IT security measures, SMBs remain firmly in the crosshairs of cybercriminals. In 2023 alone, nearly 43% of all cyberattacks were directed at SMBs – with the monetary repercussions ranging from $120,000 to $1.24 million USD per episode, depending on multiple factors such as the volume of compromised records. Spikes in incidents such as ransomware payments and Internet of Things (IoT) malware attacks indicate that this year has been particularly challenging. The stakes are higher than ever, as technology — notably artificial intelligence (AI) — serves as both a tool and a potential threat, underscoring the need to commit more resources to IT security and stay vigilant.
Devolutions’ survey, which was conducted between March and May 2023, polled 217 global SMBs operating in the IT field. Devolutions CEO David Hervieux states, “The results from our survey dovetail nicely with October’s National Cybersecurity Awareness Month — as one of our primary goals with this report is to expand awareness of the vulnerabilities that many SMBs face. It’s not just about presenting stats but about truly educating the industry on the various pitfalls — and how SMBs can use the survey findings to identify gaps, develop strategies, and make informed decisions regarding their cybersecurity posture.”
The following are some notable takeaways from the survey data and resulting report.
Overconfidence in AI Security
When asked about their use of AI, 56% of respondents indicated that they were either very or reasonably confident in its security — but Devolutions urges caution in being too complacent with the security risks associated with AI. According to Devolutions’ CISO Martin Lemay, “While AI is an exciting technology, it relies on enormous quantities of data, which is susceptible to being misused. Therefore, it is vital to establish adequate governance and rigorous data legislation to prevent abuse.”
The Risk of Complacency
It’s not just AI in which SMBs are feeling overconfident. While nearly 80% of the respondents considered themselves well protected against cyber threats in general, less than 60% actually employ essential security tools like password managers, two-factor authentication, or cybersecurity training. Various factors contribute to this disconnect between perception and reality — including the tendency to underestimate the evolving complexity of cyberattacks, which are becoming increasingly sophisticated. Employee behavior and a lack of adequate cybersecurity training can further weaken the defense infrastructure, as end users are commonly viewed as the most vulnerable element in the cybersecurity equation.
PAM Deployment Challenges
While the survey revealed an 8% increase in the deployment of Privileged Access Management (PAM) solutions from last year — and 95% recognize the importance of having a PAM solution in place — the flip side is that 35% of respondents reported negative experiences with their PAM solution. This dissatisfaction could signify implementation challenges, solutions that were too complicated, or a lack of training. These findings underscore the importance of SMBs using an appropriate PAM solution tailored for their needs, rather than complicated PAM solutions that are designed for large enterprises.
Planning for the Future
A positive from the survey data is the increase in budget allocation for cybersecurity, with 51% of respondents now meeting the recommended spend — and 86% employing cybersecurity expertise either in-house or through external consultants such as MSPs and MSSPs. Lemay summarizes, “We are in the era of the digital Wild West, where threats abound. SMBs must develop a defense capability to protect their interests and all their stakeholders against predictable opportunities for cyberattacks. Whether this capability is developed in-house or outsourced, cybersecurity expertise is crucial to health and well-being of SMBs’ future.”
For more information about Devolutions and their solutions, please visit devolutions.net. To download a copy of the “The State of IT Security for SMBs in 2023–2024,” visit this link.
About Devolutions
Established in 2010, Devolutions is a Canadian company located near Montreal, Quebec. With more than 800,000 users in over 140 countries, Devolutions is on a mission to develop innovative software that helps users cost-effectively, simply and effectively achieve their remote desktop management, password management, privileged access management, and cybersecurity goals. The company is also committed to providing exceptional technical support, ensuring an excellent user experience that exceeds expectations, and delivering high performance with superior quality. For more information about Devolutions and its solutions, visit devolutions.net, follow the company on LinkedIn, X (formerly Twitter), and Instagram; like its Facebook page; or subscribe to its YouTube channel.
