SMEs to spend $90 billion on cyber-security in 2025

15 July 2021 3 min. read
More news on

A new report has found that spending on cyber-security among the world’s small and mid-sized enterprises will grow by more than $30 billion in the next four years. The worldwide by 2025 will stand at $90 billion, with managed security services making up one-third of that tally.

Cyber-crime was already weighing heavy on small and mid-sized enterprises (SMEs) before the pandemic, but in the last year the digital acceleration needed for businesses to adapt to socially distanced work has made them even more vulnerable. According to one study by insurance giant Hiscox, of 6,000 SME leaders from the US, UK, Belgium, France, Germany, the Netherlands, Spain, and Ireland, 23% said their businesses had suffered at least one cyber-attack in the last 12 months. Meanwhile, of the 590 US SMEs surveyed, the average cost of cyber-attacks stood at $25,612 – a hefty figure that took on even more significance during the lean months of lockdown.

As firms look to secure their systems in the wake of the pandemic, a new study from Analysys Mason has shown that SME spending on cyber-security is booming. Worldwide, SMEs (or SMBs in Analysys Mason’s report) spent $57 billion on cyber-security in 2020, and the researchers anticipate this figure hitting $90 billion in 2025.

SMB spending on cyber-security, by solution/service category, 2025

According to the study, managed security services and network security accounted for more than half of SMB cyber-security spending worldwide in 2020. While this will continue to be the case, the paper forecasts spending on managed security services will grow much more quickly than spending on network security.

Spending on remotely managed security services is driven by an organisation paying a third party to manage its cyber-security solutions, on an ongoing basis. It is a service which many IT-centred consulting firms offer, for example, monitoring and updating the firewall defences of a client, while overseeing patch management activities. The Covid-19 pandemic has accelerated demand for managed IT services in general – and while SMEs spent around $16 billion on managed security services globally, Analysys Mason expects spending on remotely managed security services will grow more at a CAGR of 14%, to constitute almost one-third of cyber-security spending among SMEs in 2025.

SMB spending on cyber-security, by region, 2025

The study added that a recent survey conducted by Analysys Mason had shown that over half of businesses in four key economies had already shifted in this direction. Firms with 50–999 employees in Australia, Canada, the UK and the US said they had started using, or have increased their use of, managed services in response to the Covid-19 pandemic.

Regionally, North America, emerging Asia–Pacific and Western Europe together accounted for 73% of SME spending on cyber-security in 2020. While Analysys Mason anticipates these regions to continue to be the main markets for cyber-security vendors that are targeting SMBs, though, North America and Western Europe are expected to account for a declining share of SME spending on cyber-security during the forecast period, due to growth across Asia.

“Emerging Asia–Pacific’s share will increase from 23% in 2020 to 27% in 2025,” author Igor Babić noted in the paper. “The emerging Asia–Pacific region includes two of the world’s largest countries in terms of population – China and India – as well as several other large countries, such as Indonesia and the Philippines, all of which are increasingly digitalising their economies. This region represents a significant opportunity for cyber-security vendors that target SMBs.”