SMBs overestimate cyber readiness as tools & AI uptake lag

A new global survey shows a significant gap between small and medium-sized businesses' confidence in their cybersecurity readiness and the actual measures they have in place to defend against evolving threats.
The "State of IT Security for SMBs in 2025" report, released by Devolutions, draws on responses from 445 IT, security, and executive professionals around the world. It finds that while 71% of SMBs say they feel confident in handling a major cybersecurity incident, only 22% report having an advanced cybersecurity posture. This disparity suggests that many organisations may be at greater risk than they believe.
PAM practices
The report highlights privileged access management (PAM) as a particular area of vulnerability. More than half of SMB respondents (52%) still depend on manual solutions—such as spreadsheets or shared digital vaults—to manage privileged credentials. This reliance on manual methods has actually increased since 2023, raising concerns about efficiency and security. "Manual access management isn't just inefficient – it's dangerous," notes Maurice Côté, VP Product at Devolutions. "The human is often the weakest link – and spreadsheets don't make us stronger. SMBs need lightweight, easy-to-deploy PAM tools designed for their reality."
Despite the increasing risks, many SMBs have not adopted automated or fit-for-purpose tools to manage sensitive access rights, potentially exposing them to insider threats and credential misuse.
Slow uptake of AI
Artificial Intelligence (AI) is being discussed widely as a potential game-changer for cybersecurity. The report finds that 71% of SMBs intend to increase their use of AI-driven tools, which can aid in threat detection, anomaly identification, and predictive analysis. However, only 25% of respondents are currently leveraging AI in their cybersecurity practices, and 40% say they have not started at all.
The slower pace of adoption is partly attributed to concerns about cyber threats targeting AI systems themselves, issues of data privacy, and a shortage of in-house expertise to implement advanced technology. "Artificial intelligence is a powerful advancement, but like fire, it must be handled with care," said Martin Lemay, CISO at Devolutions. "It's not without flaws, and its reliance on vast amounts of data makes strong governance and clear regulations essential to prevent misuse."
This highlights that while AI can offer efficiency and intelligence in defending digital assets, it introduces new challenges that SMBs must navigate carefully.
Budget issues
The report also notes a general trend of increased investment in cybersecurity, with 63% of SMBs boosting their security budgets. However, nearly a third still allocate less than 5% of their overall IT budgets to security-related spending. This raises questions about whether new investment is being targeted effectively toward the highest-priority areas. "Budget increases are encouraging, but throwing more money at cybersecurity doesn't work if it's not aligned with real risks," said Simon Chalifoux, CIO at Devolutions. "SMBs need to spend with intention – on tools, processes and training that match their environment."
The survey findings indicate that organisations often spend in ways that do not correspond to their most significant security risks, leaving gaps that could be exploited by attackers.
From awareness to action
Across all key areas—PAM, AI adoption, and budgeting—the report identifies a pattern: increased awareness is not always translating into practical action. While SMBs are more alert to cyber threats than in the past, many have not yet implemented measures that are widely considered best practice. "Cybersecurity isn't a checklist – it's a commitment," said David Hervieux, CEO of Devolutions. "It's not enough to feel secure; SMBs need to build the systems, habits and culture that make them secure. That means measuring their posture honestly – and investing like it truly matters. Because it does."
As cyber threats become more sophisticated, organisations face growing pressure to close the gap between perceived preparedness and the reality of their cybersecurity defences. The report suggests that without updated tools, smarter spending, and a commitment to continuous improvement, SMBs risk remaining vulnerable as the threat landscape evolves.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Techday NZ

3 days ago

• Techday NZ

Businesses embrace AI but lack training & infrastructure for growth

A recent global survey by TeamViewer has found that while small and mid-sized businesses (SMBs) are adopting artificial intelligence (AI) at a rapid pace, their overall maturity in using the technology remains limited, with a particular need for better training and infrastructure. The survey drew responses from 1,400 business leaders worldwide, including 200 based in Australia, and highlighted both the promise and persistent challenges of AI adoption for smaller organisations. The majority of SMB decision makers—95%—acknowledge they need additional training to use AI effectively, despite 72% describing themselves as AI experts. Productivity and insight Australian business leaders reported notable benefits: 33% said increased efficiency and productivity were the main advantages, and a further 28% cited improved insights into processes and performance. However, challenges remain substantial. Respondents identified the lack of education on using AI, perceived security or legal risks, and high implementation costs as their three key concerns. The Australian findings also showed that 70% of business leaders see AI as critical to business innovation and growth, with 67% specifically concerned about the security risks related to data management and 74% stating they use AI cautiously with security measures in place. Additionally, 59% believe AI will have a positive impact on their revenue growth in the coming year provided it can be scaled effectively, while 68% expect AI will drive the most significant productivity increase in a century. Adoption is common, but depth lags The survey found that 86% of SMB leaders globally are comfortable with AI tools being used by employees outside of IT. Yet, regular use remains limited; only one third of SMB respondents use AI daily, and just 16% do so weekly. Despite this, 35% of SMB leaders describe their use of AI as "very mature", compared to just 22% among larger enterprises. Failure to embrace automation through AI is viewed as a tangible risk. For 28% of SMB respondents, increased operational costs resulting from missed automation opportunities are the biggest consequence of inaction. In comparison, larger loss of competitive edge is a greater concern elsewhere, cited by 26% of the wider business community. Security and training Despite optimism about AI's potential—72% of SMB leaders globally expect AI to generate the greatest productivity boom of the century and 76% say it is essential to business performance—skills and security gaps persist. More than one third (38%) say insufficient AI training is a significant hurdle, with 74% expressing concern about data management risks and 65% only using AI in tightly controlled security environments. Furthermore, 77% would not risk a week's salary on their business's ability to manage risks such as unauthorised AI tool usage. Infrastructure and investment Infrastructure readiness is also a major issue. Nearly half (47%) of SMB decision makers say their current systems are insufficient to scale AI as swiftly as they would like. Still, signs of further investment are apparent: 75% of SMBs plan to increase their AI investment in the next 12 months, with the same proportion expecting to ramp up spending within six to twelve months. This suggests a move from initial experimentation towards more advanced implementations. Focus on practical tools TeamViewer has introduced TeamViewer Intelligence, featuring session insights and analytics, alongside its digital assistant, TeamViewer CoPilot, which is designed to help IT teams improve efficiency during support sessions. This tool aims to enable agents to stay focused, automate tasks, and receive real-time guidance without switching applications. "SMBs are clearly motivated to embrace AI, but many are still searching for the right way to turn early adoption into lasting impact," said Artus Rupalla, Director of Product Management at TeamViewer. "The key isn't just more tools, but smarter integration – solutions that bring automation, insight, and consistency into everyday operations. This research confirms what we're seeing across our customer base: SMBs want AI that solves real problems, not just theoretical ones. With practical tools like TeamViewer Intelligence, we can help these businesses move from experimentation to execution and drive real performance gains." The TeamViewer survey report focuses on respondents from businesses with 200–999 employees, and its findings underline the continued challenges faced by SMBs striving to keep pace with AI developments while addressing skills and infrastructure limitations.

NZ Herald

3 days ago

• NZ Herald

Amid bleak news, community generosity shines through

Upheaval is occurring in myriad regions. It is enough to make one turn away in despair. Here at home, we have our own issues, even if we are spared the horrors of war. The economy continues to languish. In May, consumer confidence fell amid global tariff uncertainty. Put simply, we are not spending. NZME business editor Liam Dann explained it last week: we are not spending, deferring in favour of saving or paying down our mortgages – just in case. Many industries, he said, are facing structural upheaval as artificial intelligence (AI) and other technological advances shake up the workforce. The brunt of this is being felt by people who should be at the peak of their spending power – particularly older professionals who are now unsure about their career prospects to retirement. So, yes, things seem bleak. But there remains those good news stories that manage to pierce the gloom; stories that restore our faith in humanity, our communities and each other. NZME's On The Up (OTU) campaign has highlighted a lot of these. The national campaign showcases stories of inspiration, success, courage and possibilities. A number of stories in just the past week embody all of these: Rotorua joined the national drive to collect a million cans for foodbanks; a Kaitāia cafe is offering free meals to tackle homelessness; Central Hawke's Bay teen Eve Hunter fashioned her ball gown from feed sacks and baling twine. The Northern Advocate told the story of 64-year-old John, living in a tent and unable to get social housing, despite his situation being deemed seriously at risk and in need of immediate action. He has chronic obstructive pulmonary disease (COPD) and asthma and is on a sickness benefit. He also has two elderly dogs, Max and Rusta. After John's plight was highlighted – help poured in. He received a dozen emails with offers of cheap cabins and places to stay, along with donations of food and bedding for him and his dogs. One woman from Christchurch ordered new dog bedding, pet blankets, dog food and dog jackets for Max and Rusta, and a woman from Auckland donated $200 for the dogs. John also had offers of food and bedding for himself. Perhaps best of all, he now has a small cabin to rent, provided by a fellow Northland resident. So, if there was any doubt there is good in the world this should help. Despite all the bad, people will always reach out to help one another if they can. Sign up to the Daily H, a free newsletter curated by our editors and delivered straight to your inbox every weekday.

Techday NZ

4 days ago

• Techday NZ

Agentic AI adoption in application security sees cautious growth

A new study conducted by Cycode has revealed changing attitudes towards the use of agentic artificial intelligence (AI) within application security, indicating both cautious uptake and notable benefits among early adopters. The survey, compiled from respondents at RSA Conference 2025, found that 60% of cybersecurity professionals are still at the early stages of adopting agentic AI, while those who have begun implementation are already reporting tangible improvements in productivity and risk mitigation. Adoption and anticipated growth The study highlights a considerable proportion of the market preparing for broader adoption, with nearly 50% of respondents planning to integrate agentic AI tools within the next year. The incremental approach taken by organisations reflects a degree of caution, particularly around the concept of granting AI systems the autonomy to make decisions independently. This hesitancy is attributed to organisations seeking to adapt their security practices to rapidly evolving development requirements while weighing the associated risks and benefits of such technology. The research points out that as awareness of agentic AI's capability within application security grows, the focus on educating the market about both its advantages and potential risks becomes more pronounced. The report suggests that clear communication around these factors may help overcome reservations among organisations still in the initial phase of AI adoption. Impact on workflows and team dynamics The survey results illustrate the impact agentic AI could have on software development pipelines. Thirty percent of respondents believe integrating agentic AI into continuous integration and continuous deployment (CI/CD) pipelines would significantly enhance the process. The increased speed and frequency of code deployment-termed "vibe coding" in industry parlance-has led to faster development cycles. This acceleration does not necessarily alter the ratio of application security personnel to developers, but it can create the impression of a widening gap, with security teams struggling to keep up. The data indicates that whilst 45% of respondents maintain a 1:50 to 1:100 application security-to-developer ratio, 26% report a much wider 1:500 to 1:1000 ratio. This imbalance places considerable strain on security professionals who are responsible for oversight, with survey findings indicating that agentic AI solutions have the potential to alleviate these pressures. Agentic AI capabilities in practice Key findings from the survey reveal varied perceptions on the utility of agentic AI for security teams. Forty-four percent of those surveyed believe agentic AI's greatest benefit lies in supporting the identification, prioritisation, and remediation of vulnerabilities. Another 38% believe these systems will enhance application security testing (AST), highlighting the perceived value of collaboration between AI and human teams to streamline key security operations. More than half (52%) of respondents agreed that, when integrated with AST tools, agentic AI's use of pre-commit hooks effectively sustains security checks during code commits, transforming what were previously overwhelming manual tasks into manageable automated processes. In addition, 44% of cybersecurity professionals highlighted the value of agentic AI in streamlining and enhancing secrets detection to help prevent data leaks, with many pointing to the importance of context-aware decision-making capabilities for the effectiveness of such solutions. Industry commentary Amir Kazemi, Director of Product Marketing at Cycode, commented on the findings: "It's fascinating to follow the industry's measured, yet rapid adoption to Agentic AI. Many interpretations and modalities of 'agent' exist, from simple chatbots to complex workflow automations to true autonomous agents. Our data underscores that educating the market on what agentic AI truly is, why it matters for AppSec, and its tangible value is paramount right now. Cycode is committed to leading this charge, empowering security teams and developers the ability to sense, reason, and act with context through agentic AI solutions." Cycode's latest research also notes the company's continued work in this area, including its agentic AI framework, which aims to support developers and security staff through autonomous AI teammates and context-aware remediation capabilities.