IT Brief Canada - Technology news for CIOs & IT decision-makers
Canada
Guides
#
artificial intelligence
#
digital transformation
#
disaster recovery
#
hybrid & remote work
#
internet of things
Search
Story image
#
PAM
#
Advanced Persistent Threat Protection
#
Risk & Compliance

SMBs overestimate cyber readiness as tools & AI uptake lag

Yesterday
Author image
By Shannon Williams, Journalist

A new global survey shows a significant gap between small and medium-sized businesses' confidence in their cybersecurity readiness and the actual measures they have in place to defend against evolving threats.

The "State of IT Security for SMBs in 2025" report, released by Devolutions, draws on responses from 445 IT, security, and executive professionals around the world. It finds that while 71% of SMBs say they feel confident in handling a major cybersecurity incident, only 22% report having an advanced cybersecurity posture. This disparity suggests that many organisations may be at greater risk than they believe.

PAM practices

The report highlights privileged access management (PAM) as a particular area of vulnerability. More than half of SMB respondents (52%) still depend on manual solutions—such as spreadsheets or shared digital vaults—to manage privileged credentials. This reliance on manual methods has actually increased since 2023, raising concerns about efficiency and security.

"Manual access management isn't just inefficient – it's dangerous," notes Maurice Côté, VP Product at Devolutions. "The human is often the weakest link – and spreadsheets don't make us stronger. SMBs need lightweight, easy-to-deploy PAM tools designed for their reality."

Despite the increasing risks, many SMBs have not adopted automated or fit-for-purpose tools to manage sensitive access rights, potentially exposing them to insider threats and credential misuse.

Slow uptake of AI

Artificial Intelligence (AI) is being discussed widely as a potential game-changer for cybersecurity. The report finds that 71% of SMBs intend to increase their use of AI-driven tools, which can aid in threat detection, anomaly identification, and predictive analysis. However, only 25% of respondents are currently leveraging AI in their cybersecurity practices, and 40% say they have not started at all.

The slower pace of adoption is partly attributed to concerns about cyber threats targeting AI systems themselves, issues of data privacy, and a shortage of in-house expertise to implement advanced technology.

"Artificial intelligence is a powerful advancement, but like fire, it must be handled with care," said Martin Lemay, CISO at Devolutions. "It's not without flaws, and its reliance on vast amounts of data makes strong governance and clear regulations essential to prevent misuse."

This highlights that while AI can offer efficiency and intelligence in defending digital assets, it introduces new challenges that SMBs must navigate carefully.

Budget issues

The report also notes a general trend of increased investment in cybersecurity, with 63% of SMBs boosting their security budgets. However, nearly a third still allocate less than 5% of their overall IT budgets to security-related spending. This raises questions about whether new investment is being targeted effectively toward the highest-priority areas.

"Budget increases are encouraging, but throwing more money at cybersecurity doesn't work if it's not aligned with real risks," said Simon Chalifoux, CIO at Devolutions. "SMBs need to spend with intention – on tools, processes and training that match their environment."

The survey findings indicate that organisations often spend in ways that do not correspond to their most significant security risks, leaving gaps that could be exploited by attackers.

From awareness to action

Across all key areas—PAM, AI adoption, and budgeting—the report identifies a pattern: increased awareness is not always translating into practical action. While SMBs are more alert to cyber threats than in the past, many have not yet implemented measures that are widely considered best practice.

"Cybersecurity isn't a checklist – it's a commitment," said David Hervieux, CEO of Devolutions. "It's not enough to feel secure; SMBs need to build the systems, habits and culture that make them secure. That means measuring their posture honestly – and investing like it truly matters. Because it does."

As cyber threats become more sophisticated, organisations face growing pressure to close the gap between perceived preparedness and the reality of their cybersecurity defences. The report suggests that without updated tools, smarter spending, and a commitment to continuous improvement, SMBs risk remaining vulnerable as the threat landscape evolves.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X
Related stories
Opus 2 leads AI litigation management in major law firms survey
Liftoff unveils AppRefinery for app insights & market trends
Sun World partners with Semarchy to streamline global data management
Oracle unveils AMD-powered zettascale AI cluster for OCI cloud
Phishing-as-a-Service drives surge in cybercrime for 2025
Top stories
PPDS & Shure form global alliance to offer unified AV solutions
Aiden Technologies now available in Azure Marketplace via MACC
Cloudera urges telcos to invest in AI or risk falling behind
Azul boosts Java security with improved runtime vulnerability detection
SEON expands real-time AML suite with AI-driven risk platform