Cyber security is considered one of the top strategic priorities for small and medium-sized businesses (SMBs) worldwide, but many organisations remain exposed to attacks despite rising investment, according to new research commissioned by Sage.
The study, SMBs in the Age of AI: Navigating cyber complexity and building resilience, was conducted by IDC and is based on a global survey of 2,210 SMBs. It found that over half (52%) rank cyber security and data protection among their top business priorities for the next 12 months, second only to growth (59%) and well ahead of scaling AI adoption (33%). Six in ten SMBs (60%) also expect to increase cyber security spending over the same period.
Despite this momentum, many SMBs remain vulnerable to cyber-attacks, with one in two experiencing an incident or data breach in the last year. This highlights a resilience gap between SMBs prioritising cyber security and the realities of how effectively it is embedded in day-to-day operations.
The findings point to three gaps holding SMBs back:
· Security is prioritised but not embedded day-to-day: Only 13% of micro businesses and 21% of small businesses describe their cyber security approach as proactive, compared with 48% of medium‑sized organisations, leaving smaller firms more vulnerable to disruption.
· Tools are in place but not consistently applied: Most SMBs report using baseline protections such as email security (79%), endpoint protection (67%) and regular patching and data backup (71%). Yet far fewer carry out staff training and phishing simulations (50%), train employees consistently or test incident response plans (36%), limiting the real‑world effectiveness of these investments when incidents occur.
· Third‑party and SaaS risk is expanding faster than oversight: As SaaS platforms become central to operations, security monitoring often remains infrequent. Among micro businesses, 43% do not conduct regular or continuous monitoring of third-party vendors, creating blind spots across increasingly complex digital ecosystems.
AI accelerates pressure on already stretched security
AI adoption is intensifying cyber security pressure for SMBs, with readiness lagging behind risk. Eight in ten SMBs (81%) are not prepared or remain in the early stages of preparedness for AI-related threats, while nearly a quarter (22%) have yet to implement dedicated protections for AI applications.
The gap is even more pronounced among smaller firms. Among micro businesses, 84% say they are either unprepared or only at an early stage of readiness, with many lacking specific safeguards as AI use grows.
Perceptions of AI also differ by business size. The research found that 63% of medium-sized businesses see AI as a business opportunity, but only 23% of small businesses and 9% of micro businesses agree.
For SMB customers, Sage is focused on making cyber security more accessible by embedding security into the design of everyday software from the outset, backed by continuous testing, secure coding practices aligned to OWASP standards, and ongoing security training for engineers. Sage also works with industry bodies, partners and government initiatives, including the UK Government’s Software Security Ambassadors Scheme, to support practical, accessible cyber security approaches that strengthen resilience across the wider SMB ecosystem.
Gustavo Zeidan, Chief Information Security Officer at Sage, said:
“Many SMBs are excited about the potential of AI but want simple, practical ways to adopt it securely as threats become more sophisticated. Businesses should not have to choose between innovation and security. By making cyber security easier to implement through secure-by-design products, clearer guidance and collaboration across industry and government, we can help SMBs build resilience, innovate securely and grow at pace.”
Joel Stradling, Senior Research Director, European Security at IDC, said:
“The research suggests many SMBs still believe they are not a prime target for cyberattacks, despite threats becoming more sophisticated and widespread. IDC recommends SMBs embed cybersecurity into AI initiatives from the outset and take an organisation-wide approach to cyber resilience. Businesses that close the gap between growth ambitions and security readiness will be best placed to build long-term digital trust with customers, partners and investors.”
UK Cyber Security Minister Baroness Lloyd said:
“Small and medium-sized businesses are under growing pressure from cyber threats, and AI is making that challenge more urgent. But strong cyber resilience does not always mean expensive or complicated action. It starts with getting the basics right.
“That is why the National Cyber Security Centre’s Cyber Action Toolkit and our Cyber Essentials scheme are so important. They give smaller firms clear, practical ways to strengthen their defences against common online threats, helping them build resilience and reduce the risk of serious disruption. I urge all SMEs to take up these valuable protections.”