A Lack of Resources and Talent Leaves UK SMEs Dangerously Exposed - Image by Riette Salzmann from PixabayThreat actors continue to innovate as cyber threats evolve at breakneck speed. Meanwhile, IT and cybersecurity budgets are stretched to their limit, and IT is suffering a significant skills shortage. Yet organisations have no choice but to defend themselves.

Today, cyberattacks increasingly target small to medium-sized enterprises (SMEs), according to JumpCloud’s latest Q3 2024 SME IT Trends Report. Forty-four per cent of UK SMEs have suffered a cybersecurity attack. Nearly two-thirds (60%) say they have had multiple attacks in 2024.

One cause is that smaller organisations lack the manpower of larger corporations. Nearly half (48%) of our UK survey cohort claim that despite their best efforts, they lack the resources and staff to secure the organisation against cybersecurity threats. A lack of access to skilled cybersecurity professionals’ compounds this. Many SME IT teams consist of only one or two people.

The Growing Cybersecurity Talent Gap

Another common trend in 2024 is return-to-office (RTO) mandates. However, these mandates can negatively impact employees and organisations, leading some to say they are not worth the risks to employee stability.

Such mandates may aim to boost morale and productivity. However, this approach is at odds with what modern workers seek. Contrary to the boardroom’s view, a significant portion of the workforce is not eager to give up the flexibility they’ve experienced in the last few years.

Furthermore, if corporate leaders begin rewarding employees for simply being present in the office for five days, they risk narrowing the talent pool, further exacerbating the skills shortage problem.

The ongoing skills gaps within IT teams are causing organisations to frantically seek professionals who have deep cybersecurity knowledge and the necessary certifications. As artificial intelligence (AI) and machine learning (ML) add a new dimension to the threat landscape, the demand for these cybersecurity experts is already outstripping supply.

The only way to address this is for organisations to adopt a proactive stance and drive investment in training and talent acquisition. But this isn’t an overnight fix.

Insufficient IT and cybersecurity personnel in SMEs can lead to inadequate defence. Without experts who can implement and manage robust security measures, SMEs are more susceptible to breaches. A lack of hands-on expertise can result in slower detection and response times.

It can lead to vulnerabilities lurking in systems longer than they should. Additionally, meeting growing regulatory requirements becomes more challenging without the necessary knowledge and skills.

Spending Challenges

In our survey, 36% of respondents stated that the biggest challenge to their IT team was the increased work burden. Unfortunately, over a quarter (28%) said they believe their organisation will cut spending next year. This will further compound the issue, with 69% of UK respondents agreeing that cuts to the budget will increase organisational risk.

In addition, nearly a third (31%) of UK organisations have gone through layoffs in the last six months, and nearly half of UK SMEs expect layoffs in the next six months.

This conservative view on investment means that the old playbook is obsolete. SMEs must adapt to deal with the changing landscape or risk falling behind. So, what strategies should they implement to mitigate the talent shortage?

New strategies

As mentioned above, businesses can invest in training and development to upskill their current workforce. In tandem, they can also explore partnerships and collaborations with educational and industry institutions. This will help develop a pipeline of talent. But that takes time while leaving the IT environment vulnerable to attacks.

To address immediate risks while building long-term solutions, it is crucial to explore outsourcing and managed services. Using MSPs can offer SMEs specialised skills and resources if they struggle to secure in-house expertise.

Indeed, our survey found that SMEs are deepening their ties with MSPs for IT solutions and support. Over half (51%) are using MSPs to support internal teams, and two-thirds say they plan to increase their investment in the next 12 months.

They can also leverage automation and adopt advanced security technologies. Incorporating automation and AI to bridge the gap can reduce the reliance on human intervention. Our survey raised some concerns about AI replacing humans. However, three-quarters (75%) of our respondents said that AI would be a net positive for their organisation.

External and Internal Pressures are Taking Their Toll

Gartner recently highlighted that nearly half of cybersecurity leaders will change jobs by 2025. Half of those will pursue different careers entirely due to workplace stress. These external and internal pressures are undoubtedly taking their toll.

IT teams are the engines that power and protect SME businesses. This is where organisations need to invest in tools and solutions designed to reduce the burden on IT teams.

IT teams should integrate identity and access management (IAM) into workflows to make it seamless. This allows teams to focus on more critical tasks rather than constantly putting out fires. IAM systems often have self-service portals where users can manage their requests. This improves user satisfaction and reduces help desk workloads.

Additionally, IAM enables secure remote access, ensuring remote and hybrid employees can access corporate resources from anywhere. This supports the current hybrid work environment.

This may be why 32% of our UK survey respondents stated they plan to invest in IAM in the next six months. Implementing IAM means organisations can better manage identities and access, significantly reducing the risk of cyber threats and ensuring a secure and efficient operational environment.

Navigating an Evolving World

Automating all of these processes reduces the administrative burden on IT staff. More importantly, we can keep the industry’s valued IT admin experts. The talent shortage poses a significant threat to SMEs, leaving them vulnerable to increasingly sophisticated cyber threats.

By adopting strategic measures such as training, collaboration and partnerships, outsourcing, and automation, SMEs can enhance their cybersecurity posture and mitigate risks associated with the skills gap.


JumpCloud® delivers a unified open directory platform that makes it easy to securely manage identities, devices, and access across your organization. With JumpCloud, IT teams and MSPs enable users to work securely from anywhere and manage their Windows, Apple, Linux, and Android devices from a single platform. JumpCloud is IT Simplified.

Learn more: https://www.jumpcloud.com/

Follow us: Blog | Community | Podcast | X (formerly Twitter) | LinkedIn | YouTube | Resources

LEAVE A REPLY

Please enter your comment!
Please enter your name here