Techaisle Blog
MDR Adoption Booms in Midmarket, Slow in SMB: An Opportunity for Vendors
SMBs are the backbone of any economy and are crucial in driving innovation and creating jobs. Yet, when it comes to cybersecurity, they often lag behind larger enterprises, lacking the resources and expertise to defend against sophisticated cyberattacks. This is where Managed Detection and Response (MDR) emerges, offering SMBs a cost-effective and scalable solution to secure their valuable data and infrastructure.
The cybersecurity landscape is littered with threats, and small and medium-sized businesses (SMBs) are often the most vulnerable targets. According to Techaisle's research, not many SMBs are aware of Managed Detection and Response (MDR) services, a powerful tool designed to safeguard against cyberattacks. This begs the question: are SMBs missing out on a critical line of defense in today's ever-evolving digital landscape?
Awareness drives adoption
Techaisle’s SMB and Midmarket research data shows that small businesses are at a much earlier stage of their journey to MDR than their midmarket peers. Just 17% of companies with 1-99 employees report being aware of MDR, compared with 61% of core midmarket firms and 76% of upper midmarket organizations. Looking only at companies that are aware of MDR, current adoption rates mirror this pattern: 5% of small businesses that are aware of MDR are currently using these services versus 45% of core midmarket and 58% of upper midmarket organizations and virtually all companies that are aware of but not using MDR are either currently considering MDR or planning to evaluate these services within the next 12-18 months. These statistics indicate tremendous potential in each SMB segment: vendors must boost awareness of MDR’s benefits while executing an effective conversion strategy. This is especially true in small businesses – which should be an excellent fit segment for a managed service.
Selling sophisticated products to SMB customers is a significant challenge for IT vendors. This problem is especially acute with cybersecurity. Most SMB and Midmarket customer environments need defenses against many different types of threats, attackers, and threat vectors. Most SMBs lack the internal resources to understand what is required to protect against vulnerabilities and how different “shields” can be connected without leaving (or even creating) exploitable gaps in defense posture. Even the channel partners struggle to keep pace with simultaneous growth in threats and threat actors, vulnerabilities tied to in-use technologies or common business practices, and the ever-changing security vendor community.
Key MDR evaluation criteria/adoption drivers - Cost vs. Expertise: How SMBs Value Different Aspects of MDR Services
Building awareness and converting prospects to customers requires understanding the issues that motivate buyers to evaluate – and invest in – MDR services. To comprehend the factors driving adoption (or evaluation/consideration for firms investigating MDR but haven’t yet invested in it), Techaisle asked businesses to specify one or more reasons for interest in MDR.
The data indicates that SMBs across segments share a reasonably consistent view of why MDR might be an appropriate option for their businesses. Most report that they see the ability to free up in-house experts to focus on proactive security measures as a primary MDR benefit. While small businesses and core midmarket firms are driven by cost savings, upper midmarket firms prioritize functional benefits over cost. Moreover, firms that struggled to respond to a recent breach have a positive outlook on MDR.
Techaisle believes that this data delivers clear guidance to MDR suppliers: focus on acting as a cost-effective member of the SMB’s security team, supporting experts as they build practical approaches to security or as they need “all hands on deck” to respond to a cyber incident, rather than emphasizing the ability to provide the expertise that the SMB currently lacks.
Winning the SMB MDR Market: Tailoring Services to Address Unique Needs - Three takes on service value
The previous section shows that MDR’s ability to free up cycles for lean internal resources begs an important question: by doing what? Techaisle’s research looked at this issue from three perspectives – the nature of the MDR service, the value of different MDR supplier capabilities, and the MDR services that offer the most value to customers.
Which service is of most interest?
To start this investigation, Techaisle divided MDR into two broad service types, “managed SIEM services” and “next-generation endpoint detection and response services,” asking SMBs and midmarket firms who are using, evaluating, or considering MDR whether one or both are of most interest to their organizations. The research finds that small businesses are most interested in next-generation endpoint coverage because they have difficulty securing and monitoring endpoints, and this cohort has a limited understanding of SIEM. Core and upper midmarket firms have relatively consistent responses: slightly more emphasis on managed SIEM than endpoint detection and response, with 25%-30% believing both are essential drivers of interest in MDR.
Which supplier capabilities are most valued?
The next step in this investigation focused on the value of different aspects of MDR services. Businesses using or planning to use MDR were asked to select one critical service capability from a list of four common activities: active threat hunting, endpoint detection and response, incident response, and network threat analytics.
The data shows that active threat hunting and endpoint detection and response are “most valued” by both the small business and core midmarket segments; about 15% of firms in each of these cohorts value network threat analytics above other MDR services, while a sizable proportion of firms in the small business segment – especially, in the 1-9 employee segment – look to MDR suppliers primarily for incident response. Upper midmarket businesses, on the other hand, are most focused on active threat hunting and more than half cite this as the MDR supplier capability that provides the most value to their firms, with another 35% looking primarily for endpoint detection and response.
In-demand MDR services
To complete the MDR question sequence, Techaisle asked firms who are using or planning to use MDR about their preferred services from an MDR provider. Small businesses and core midmarket organizations showed a keen interest in risk assessment. Core midmarket firms ranked penetration testing second, followed by vulnerability remediation and management. Small businesses showed equal interest in vulnerability remediation, management, and risk reporting. Overall, small businesses aim to identify, report, and address risks, while core midmarket firms have similar goals, replacing risk reporting with third-party security readiness tests (penetration testing).
Upper midmarket firms exhibit a slightly different pattern, citing risk reporting as their top priority MDR service, followed closely by penetration testing and risk reporting. This suggests that upper midmarket firms are looking to MDR suppliers to augment current capabilities rather than to deliver needed services to address unmet needs.
Final Techaisle Take
For many SMBs, navigating the treacherous waters of cybersecurity can feel like sailing a dinghy in a hurricane. Limited resources and internal expertise often leave them exposed to a multitude of threats, from malware and phishing attacks to data breaches and ransomware. Fortunately, there's a life raft in sight: Managed Detection and Response (MDR) services offer a comprehensive approach to cybersecurity, providing SMBs with the 24/7 monitoring, threat hunting, and incident response capabilities they desperately need.
MDR is a promising solution for SMBs and midmarket firms who need to protect their businesses from the growing and evolving cyber threats. However, MDR vendors need to tailor their services to the unique needs and preferences of each SMB segment, emphasizing the benefits of freeing up internal resources, providing cost-effective expertise, and delivering comprehensive and proactive security capabilities. By understanding the drivers and criteria of SMB MDR adoption, vendors can position themselves as success partners and capture the tremendous potential of this market.
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.