UK SMEs are set to increase their reliance on managed security services during 2025, according to independent research from Six Degrees, the secure, integrated cloud services provider. Two-thirds said they will be more reliant over the next 12 months - with 80% stating this is a good thing. Just 13% said they would be less reliant, while 19.5% said they would maintain the same level of reliance.
Findings from Mapping the UK SME Cyber Security Landscape in 2025 go on to show the country’s SMEs are most likely to purchase managed security services because they lack the specialist skills to manage increasingly complex cyber security solutions (37%). That’s followed by the requirement to meet compliance directives, industry regulations and/or legal requirements (36%).
Interestingly, these factors outrank the need to deal with increasing cyber-attack volumes and sophistication (34%), the ability to cope with surges in cyber security activity (31%), and the requirement for 24x7 support (28%). Perhaps most surprisingly, over one-fifth of SMEs purchase managed security services to shift responsibility to a third party.
“I welcome these candid responses from the UK’s SME community,” comments Vince DeLuca, Chief Executive Officer at Six Degrees. “We’ve instinctively known for some time that a significant number of cyber security service purchases are driven by the need to demonstrate compliance with directives, regulations and laws. We also understand that the ongoing cyber security skills shortage leaves these organisations increasingly vulnerable to cyber-attacks—exposing them to risks that could jeopardise that compliance. That heightened risk makes it all the more likely that they would want to shift their responsibility to a third party.”
He continues: “However, if a cyber security solutions or services provider has open and honest discussions with its customers, then those customers will know purchasing a cyber security solution means accepting a shared risk profile - it’s not a way for businesses to abdicate responsibilities. The cyber security tool or service purchase and its ongoing management must also form part of a broader strategy that informs business change in every single context. If you don’t re-engineer your organisation to be secure, no amount of tooling will fix it.”
Dealing with cyber security frustrations
Plans to increase reliance on managed security services could also be interpreted as an attempt by SMEs to address some of their biggest cyber security frustrations. Six Degrees’ research identified eleven of these, including implementation costs (43%), implementation times (37%), inability to fully utilise existing cyber security protection solutions (33%) and departure of in-house cyber security experts (24%). In this context, working in partnership with a managed security services provider to deliver the likes of Managed Extended Detection and Response for threat analysis, containment, and eradication across cloud and endpoints could be a very astute move - especially when so many of these frustrations can be tied back directly to IT and cyber security skills shortages in the SME space.
“There’s a direct link between the lack of specialist skills needed to operate cyber security solutions and some of the biggest cyber security frustrations encountered by SMEs - including implementation delays, increased project costs, and an inability to fully utilise existing solutions. By increasing their reliance on managed security services, SMEs are taking proactive steps to address these skills shortages and, therefore, resolve their frustrations. This also explains why most think it’s a good idea to lean more heavily on managed security services,” concludes Vince DeLuca.
