Share This Article
For small and medium-sized enterprises (SMEs), staying abreast of cybersecurity developments is critical — not just to growth, but to the company’s bottom line. But security evolves quickly, and it can be hard to keep up.
In the midst of this fast-evolving security environment, AI has made a bold entrance. So bold, in fact, that only 10% of SMEs aren’t using AI and don’t plan to, according to a recent JumpCloud research report.
With this rapid adoption have come significant gains and uncharted concerns, seemingly in equal measure. This blog will explore AI’s ramifications — both positive and negative — on security for SMEs.
All data cited in this article is pulled from JumpCloud’s 2024 SME IT Trends Report unless otherwise cited.
The Bright Side
AI presents SMEs with many opportunities to improve their security. From intelligent network monitoring tools to AI-assisted asset management, AI helps companies reduce blind spots, close monitoring gaps caused by off-hours and staffing shortages, and automate workflows that allow fewer things to slip through the cracks. In short, AI empowers SMEs to run a tighter ship.
In general, SMEs seem eager to leverage these benefits. A whopping 90% of SMEs said that they use or are planning to use AI, and 77% of IT professionals see AI as a net positive for their organization. More than half (60%) of IT pros say their company is adopting AI at the right pace, and worries about AI’s impact on their jobs is subsiding: 35% worry about job impact, down from 45% in Q1 of 2024.
The Darker Side
Despite these wins, the rise of AI has come with some murkier areas — particularly when it comes to security.
Security is a significant hurdle for many SMEs: 60% said that it’s the top challenge for their IT teams. What’s more, 45% have already fallen victim to a cybersecurity attack in the first half of 2024 alone.
Of these attacks, the most common vectors were phishing (43%) and shadow IT (37%). These top attack vectors are already being influenced by AI. Hackers are increasingly leveraging AI to generate and carry out phishing attacks. And with employees eager to reap the benefits of AI tools, “shadow AI” is becoming a growing problem.
In addition to accelerating existing threats, AI may be introducing some new ones. For example, generative AI raises concerns about data security, information delivery, and the potential to generate harmful or malicious output. Read more about these risks in our blog, 3 Security Implications of ChatGPT and Other Content Generation Tools.
How Are SMEs Addressing the Challenge?
In the midst of this fast change, SMEs appear resilient and adaptable. They’ve demonstrated improvement and seem to be embracing best practices in many areas of security. These measures help to protect against attacks as well as provide a fallback, should one occur.
Funding
Funding appears to be a critical factor in maintaining security at SMEs. Nearly three-quarters of SME IT professionals said that future budget cuts would put their organizations at risk. Fortunately, SMEs seem to have bought into the importance of investing in IT: 77% said their budgets increased over the past year, and 70% said they expect their budgets to increase in the next six months. These investments seem to be paying off: 73% said their org is financially prepared to recover from a cybersecurity attack.
Authentication
IT teams are investing in stronger authentication methods as a means of protection against attack. For example, 67% of IT teams agree that their organization’s security posture would be stronger if biometrics were required, and more than half (66%) require it.
Staffing and Executive Confidence
SMEs seem to recognize the importance of security expertise and trust their teams to deliver. The majority of SMEs (84%) have an IT security expert on staff, and 82% of IT professionals said management respects their counsel and recommendations around IT operations.
Addressing Shadow IT
Centralized IT management can help combat shadow IT, and SMEs seem to be pursuing centralization. Nearly half (49%) say all employee accounts are managed centrally with permissions and security measures controlled by IT. Only 11% leave accounts entirely unmanaged and encourage — but don’t mandate — steps like multi-factor authentication (MFA).
However, shadow IT seems to be a tricky problem to eradicate. Over four in five (84%) of IT professionals are concerned with shadow IT. When asked why they aren’t able to address shadow IT, prioritization, visibility, and their organization’s fast pace were the top cited reasons.
Dialing Into More Data
The statistics and trends presented here are just a glimpse into the full data presented in the July 2024 edition of JumpCloud’s biannual report. In the full report, JumpCloud explores critical topics for SMEs globally, including job outlook, specific attack vectors, and how larger macroeconomic trends are affecting SMEs. Download the full report.
