SMBs show no improvement in IT maturity levels, security remains top concern

IT groups at small and midsize businesses (SMBs) show no improvement in IT maturity levels in three years, while security remains top concern, a Kaseya survey reveals.

SMBs IT maturity levels

Based on input from more than 400 global respondents, survey data revealed a number of emerging trends in the IT operations landscape.

Security remains top priority for third year in a row

Amidst increasingly sophisticated cyberattacks and high-profile breaches, improving security remains the top concern for most midsize businesses. Thirty-two percent of respondents experienced a security breach in the past five years, down slightly from 35 percent in 2018 with at least 10 percent of respondents reporting that they were hit by a breach in the past year.

This year’s survey data showed automated software patch management as a key area for improvement in most SMBs. Only 42 percent of respondents automate or plan to automate patch management and, similarly, just 42 percent monitor third party software and apply critical patches within 30 days.

Given that big security breaches are frequently a result of failure to patch in a timely manner, automated patching stands as a significant area for improvement for more than half of respondents.

The 2019 survey also brought to light a strong correlation between outages and data breaches. Nearly 61 percent of respondents who had a security breach last year also had two to four outages, a 15 percent increase from 2018. This is a further indication of the faltering progress in improving IT maturity.

Overall, it remains no surprise that improving security is the top IT priority for 57 percent of SMBs, up from 54 percent in 2018 and 40 percent in 2017.

Cloud gains importance in backup and disaster recovery

Nearly 90 percent of respondents back up their servers. Backup to the cloud in combination with the other media is among the top five business continuity and disaster recovery (BCDR) strategies, adopted by 33 percent of the respondents.

Only 29 percent of respondents back up their SaaS application data (Microsoft Office 365, G Suite, Salesforce, etc.), showing no improvement from 2018. The data indicates a continued lack of ownership and understanding that SaaS data backup for anything longer than 30 days is typically the customer’s responsibility.

Overall, cloud adoption is high and reservations to adoption are long gone. As companies, however, entrust their critical apps to run in the cloud, they are leaving themselves at major risk by not backing up their SaaS application data.

IT maturity shows a plateau in progress

Defined by a collective set of IT management capabilities and indicative of what the IT department can do for the growth of a business, the new survey shows IT maturity has not improved over the past three years.

More than 50 percent of respondents have consistently been at the two lowest levels of IT operational maturity. When surveyed regarding their IT management capabilities, many are in constant firefighting mode.

Thirty-five percent of respondents are at the lowest level of IT operational maturity (Reactive); another 21 percent are at the second level of maturity (Efficient), while only 11 percent of respondents said they have a strategic role in driving business innovation (Strategic level of maturity).

SMBs IT maturity levels

Other finding highlights include:

  • Conflicting service level priorities: Delivering higher service levels remains among the top priorities in 2019, but is at odds with a decline in the percentage of respondents that have formal service level agreements (SLAs). Over the past three years, the percentage of respondents without formal SLAs in place has increased, from 35 percent in 2017 to 39 percent in 2018 to 43 percent in 2019.
  • Increasing influence of IT departments in the C-Suite: The degree of influence of the head of the IT department on company-wide decision making has risen considerably in the past three years. Nearly half of all respondents state that the head of the IT department has a great deal of influence in C-level decision making in their company.
  • GDPR gains ground in compliance: While HIPAA and PCI remain at the top of the list of Compliance Regulations in 2019, GDPR moved to the third spot from sixth in 2018, in line with the regulation’s implementation in May 2018.

“The adoption of modern information technology solutions has the ability to transform the structure and daily operations of today’s IT teams, allowing companies to offer a greater variety of solutions and higher levels of service to their customers.

“As these technologies mature into the 2020s, the playing field will continue to level as midsize businesses and smaller IT organizations leverage more powerful tools to compete with their large enterprise counterparts,” said Mike Puglia, chief strategy officer, Kaseya.

“With these new tools, IT teams can meet the challenges of ever-increasing customer expectations and security threats that demand constant innovation and operational improvements from frequently overworked staff.”

Don't miss