JumpCloud research shows IT admins at small to medium-sized enterprise (SMEs) remain committed to delivering a secure and frictionless user experience, while needing to find ways to reduce TCO in the face of economic challenges and a decade of identity tech sprawl
LOUISVILLE, Colo. — Nov. 17, 2022 — JumpCloud Inc. today announced the findings from its Q4 2022 SME IT Trends Report, “Managing IT Amidst Rising Security Threats and Global Turbulence for Small to Medium-Sized Enterprises.” JumpCloud commissioned this biannual survey of SME IT admins to gain insights into the day-to-day experiences of IT professionals who power and secure operations without enterprise-level budget and staff. The latest survey results highlight that a plurality of IT pros worry that cybersecurity-specific funding might be at risk: 44% agree their organization will cut spending on cybersecurity in the next year compared with 41% who disagree.
With the accelerated rate of attacks on SMEs and the sophisticated evolution of external threats, IT admins are concerned that such cuts will make organizations more vulnerable, with 75% reporting cuts to their organization’s security budget will increase organizational risk.
Inflation, labor shortages, recession talks, market volatility, and global conflicts are just a few of the external impacts companies are absorbing. Market and global turbulence was present six months ago, but recent disruptions have been more acute. And recessionary pressures appear to impact SMEs already: 78% report seeing evidence of a recession in their business, and 34% say their organization is severely impacted. Despite both internal and external events, SMEs are positioning themselves for success in large part due to the achievements of the IT teams that make it possible.
“SME admins have skillfully managed IT through a period of sustained and unprecedented uncertainty in business and the world,” said Rajat Bhargava, co-founder and CEO, JumpCloud. “SMEs would be wise to listen to IT teams’ concerns about the vulnerabilities introduced by tool sprawl and cuts in security budgets, as well as their pleas for tool consolidation and enhanced security. Improving security and reducing costs can go hand in hand with a platform approach that delivers both, offering secure access, improved productivity, and a better overall experience for end users and the IT professionals managing their tech access and apps.”
The results of the JumpCloud Q4 2022 SME IT Trends Report are available in JumpCloud’s ebook, “Managing IT Amidst Rising Security Threats and Global Turbulence for Small to Medium-Sized Enterprises,” which can be downloaded for free here.
JumpCloud is also hosting a webinar on “IT in 2023: How to Prep for a ‘Make or Break’ Year” on November 22 to discuss these results and IT planning for 2023. Register here to attend. Additionally, JumpCloud is hosting a special IT Hour online chat on November 18 at 11:30 am Eastern Standard Time for IT admins to discuss the latest survey findings. The JumpCloud IT Hour is available live online or via registration.
Key findings include:
- A plurality worry that cybersecurity funding will get cut: 44% agree their organization will cut spending on cybersecurity in the next year vs. 41% who disagree.
- Big concerns that cuts in spending will make organizations more vulnerable: 75% say cuts to their organization’s security budget will increase organizational risk.
- Less than half of workers are back in the office full time: 46% of workers are in the office full time, with 29% working hybrid and 27% working remotely.
- Licensing costs are increasing: 22% expect to spend 50% or more of their budget on licensing in the coming year, up from 17% in April 2022.
- Recession isn’t sparing SMEs: 78% report seeing evidence of a recession in their business, and of that, 34% say business has been severely impacted.
- Inflation isn’t concerning IT admins: 7% say they’re not at all worried about inflation vs. 4% in April 2022. Fewer are reporting it’s a big worry (24% vs. 29% in April.)
- Talent availability is an issue despite recession: 34% say labor shortages make a significant impact or are a serious business limiter.
- Security concerns are rapidly increasing: 58% are more concerned about their organization’s security posture than they were six months ago.
- Employees are getting better at security: 78% agree that remote workers are better at following security best practices than a year ago, up from 75% in April 2022. But IT admins still see a significant challenge, as 58% agree that hybrid work makes it harder for employees to follow good security practices, which remained about the same as the 60% who agreed in October of 2021.
- IT admins increasingly say additional security adds friction: More admins agree that additional security makes a more cumbersome experience, 65% now up from 54% in October 2021. More admins strongly agree that additional security makes a more cumbersome experience (22%, up from 18% in April 2022).
- Passwordless getting more popular: 67% report passwordless authentication is a priority for their organization, up from 64% in April 2022, but 57% view passwordless as more of an industry buzzword than an IT priority, up from 52.6% who agreed in April 2022.
- Biometrics are popular with IT admins: 80.5% of SME IT admins use biometrics to secure personal devices, up from 73.9% in April 2022. Face recognition is the most commonly used (74.5%) followed by fingerprint (76.7%), voice (48.5%), and liveness detection (23.8%).
- Organizational use of biometrics is on the rise as well: 64.3% say their organizations require biometrics for employee authentication, up from 58.5% in April 2022.
- One-time passwords (OTP) no longer seen as most secure but still easiest for end users: In April 2022, 31% said OTP was the most secure MFA method, now only 22% agree. OTPs are still seen as the easiest for users (34% vs. 38% in April 2022).
- Biometrics secure top spot for security and seen as easy to use, but still viewed as most complicated for admins to implement: Biometrics are now seen as the most secure MFA method, with 32% agreeing, up from 29% in April 2022, but still the most complicated MFA method for IT admins to implement (34% agree, down slightly from 35% in April 2022). 28% say it’s the easiest MFA method for users, up from 24% in April 2022, topped only by OTP.
- MFA fatigue attacks are a big worry: 66% are concerned with MFA fatigue attacks, a technique used by attackers to overload a victim’s authentication application with push notifications in hopes they will accept one, giving the attacker access to their account.
- External actors are still biggest security concern: The top three security concerns are a network attack (steady at 40%), software vulnerability exploit (32% now vs. 29% in April 2022), and ransomware (29% now vs. 28% in April 2022). This contrasts with security concerns a little over a year ago in October 2021 when the biggest security concerns were software vulnerability exploits (39%), use of unsecured networks (36%), and ransomware (32%).
Life of IT Admin:
- Security tops remote worker management as top IT challenge: Top challenges for IT admins are security (52%), device management (46%), and increased work burden (45%). In October 2021, management of remote workers was biggest concern (59%) and increased work burden at 39%.
- Admins’ sense of work responsibility increased: Now 45% report increased work burden is a bigger challenge, up from 37% who reported the same in April 2022.
- IT admins are choosing a balanced life: 57% agree that they’ve purposely reduced their workload to achieve a better work-life balance over the past six months.
- But they still work a lot: 26% report they work 10 or more hours more than their job description requires each week. 100% say they work at least one hour more per week than their job description requires, and 31% say they work six to nine hours more.
- Remote access solutions are too costly: 90% use remote access, but 55% say they spend too much. 20% say they spend too much because it’s underused.
- Tool sprawl is real: Nearly one in 10 admins use nine or more tools to manage employee lifecycle. It’s similarly complicated for employees, with 16% of admins estimating employees use 10 or more passwords to do their jobs, and only 23% of admins estimate employees use just one to two.
- Tool consolidation preferences remain strong for SME IT admins: 74% prefer a single solution to do their job, vs. 75% in April 2022. Only 19% cite a lack of budget as a reason for not consolidating, down from 24% in April 2022.
- Heterogeneous device environments are still the norm: Device breakdown in organizations is 61% Windows (vs. 65% in April 2022), 21% Linux (19% in April 2022), and 22% macOS (21% in April 2022).
- Expected increases in device use highest for Windows: Over the next year, admins expect their device use to increase most for Windows (57%), followed by macOS (40%), and Linux (35%).
Role of Managed Service Providers (MSPs):
- MSP usage is up: 93% are considering or already work with MSPs, up from 89% in October 2021. 41% say an MSP completely manages their IT program, including technology, process, and support, up from 34% in April 2022.
- MSPs seen as valuable for a number of functions: On nearly every metric, IT admins rated MSPs higher across a variety of reasons vs. six months ago. The top reasons for MSP use are that they: are cost-effective (57% vs. 54% in April 2022), are up to date on latest technologies (65% vs. 64% in April 2022), offer a better user experience (62% vs. 52% in April 2022), better secure identity and access management (35% vs. 34% in April 2022), and offer customer support (22% vs. 20% in April 2022).
- MSPs are most effective in improving IT’s day-to-day experience: While fewer report better security as a result of their MSP use (57% vs. 70% in April 2022), 51% report their job is easier due to MSP use (up from 36% in April 2022), and 60% report their effectiveness has increased (up from 32% in April 2022).
- IT individualism and cost are still the biggest blockers to MSP use: 53% of IT admins prefer to handle IT themselves over using an MSP, down from 56% in April 2022, and 36% say MSPs are too expensive, up from 29% in April 2022. Other cited reasons are that MSPs offer more than what they need (27%) and that organizations are too small to use an MSP (18%).
- MSP security concerns way up: 56% agree that they have concerns with how MSPs manage security, up from 42% in April 2022, and 37% in October 2021.
JumpCloud surveyed 502 US-based SME IT decision-makers, including managers, directors, vice presidents, and executives. Each survey respondent represented an organization with 2,500 or fewer employees across a variety of industries. The online survey was conducted by Propeller Insights, October 11-14, 2022.
The findings from the JumpCloud Q4 2022 SME IT Trends Report can be found in “Managing IT Amidst Rising Security Threats and Global Turbulence for Small to Medium-Sized Enterprises,” here.
Additional Resources for IT Admins and MSPs
- The IT Admins 2023 Planning Kit, the tools IT admins need for success — whatever 2023 may bring.
- The MSP’s 2023 Planning Kit, tools to kick-start MSPs’ 2023 business planning — and ensure your selling, technical, and support strategies are set for the year.
- The Path to Zero Trust With JumpCloud, an infographic showing how JumpCloud offers the path of least resistance toward Zero Trust implementation — without invoices from multiple vendors.
- Zero Trust Security for MSPs, a guide on how to build a Zero Trust roadmap that benefits you and your clients.
- Zero Trust Demystified, an SME’s guide to Zero Trust and actionable tips for successful implementation.
JumpCloud® helps IT teams Make Work Happen® by centralizing management of user identities and devices, enabling small and medium-sized enterprises to adopt Zero Trust security models. JumpCloud has a global user base of more than 180,000 organizations, with more than 5,000 paying customers including Cars.com, GoFundMe, Grab, ClassPass, Uplight, Beyond Finance, and Foursquare. JumpCloud has raised over $400M from world-class investors including Sapphire Ventures, General Atlantic, Sands Capital, Atlassian, and CrowdStrike.