Sage : Cybersecurity climbs the SMB agenda, as AI pressure exposes resilience gap
Sage : Cybersecurity climbs the SMB agenda, as AI pressure exposes resilience gap
Publish Date: 2026-05-18 10:32:00
Source Domain: www.marketscreener.com
Using an unordered list, summarize the following article with between 4 and 8 key points.
ATLANTA (May 18, 2026) – Cybersecurity is considered one of the top strategic priorities for small and medium sized businesses (SMBs) worldwide, but many organizations remain exposed to attacks despite rising investment, according to new research commissioned by Sage, the leader in accounting, financial, HR and payroll technology for SMBs.The study, conducted by IDC and titled SMBs in the Age of AI: Navigating cyber complexity and building resilience, based on a global survey of 2,210 SMBs, found that over half (52%) rank cybersecurity and data protection among their top business priorities for the next 12 months, second only to growth (59%) and well ahead of scaling AI adoption (33%). Six in ten SMBs (60%) also expect to increase cybersecurity spending over the same period.Despite this momentum, many SMBs remain vulnerable to cyber-attacks, with one in two experiencing an incident or data breach in the last year. This highlights a resilience gap between SMBs prioritizing cybersecurity and the realities of how effectively it is embedded in day-to-day operations.The findings point to three gaps holding SMBs back:
Security is prioritized but not embedded day-to-day: Only 13% of micro businesses and 21% of small businesses describe their cybersecurity approach as proactive, compared with 48% of medium-sized organizations, leaving smaller firms more vulnerable to disruption.
Tools are in place but not consistently applied: Most SMBs report using baseline protections such as email security (79%), endpoint protection (67%) and regular patching and data backup (71%). Yet far fewer carry out staff training and phishing simulations (50%), train employees consistently or test incident response plans (36%), limiting the real-world effectiveness of these investments when incidents occur.
Third-party and SaaS risk is expanding faster than oversight: As SaaS platforms become central to operations, security monitoring often remains infrequent. Among micro businesses, 43% do not conduct regular or continuous monitoring of third-party vendors, creating blind spots across increasingly complex digital ecosystems.
AI accelerates pressure on already stretched securityAI adoption is intensifying cybersecurity pressure for SMBs, with readiness lagging behind risk. Eight in ten (81%) of SMBs are not prepared or remain in the early stages of preparedness for AI-related threats, while nearly a quarter (22%) have yet to implement dedicated protections for AI applications.The gap is even more pronounced among smaller firms. Among micro businesses, 84% say they are either unprepared or only at an early stage of readiness, with many lacking specific safeguards as AI use grows.The gaps are pronounced by business size too. The research found that 63% of medium-sized businesses see AI as a business opportunity, but only 23% of small businesses and 9% of micro businesses agree.For SMB customers, Sage is focused on making cybersecurity more accessible by embedding security into the design of everyday software from the outset, backed by continuous testing, secure coding practices aligned to OWASP standards, and ongoing security training for engineers. Sage also works with industry bodies, partners and government initiatives, including the UK Government’s Software Security Ambassadors Scheme, to support practical, accessible cybersecurity approaches that strengthen resilience across the wider SMB ecosystem.Gustavo Zeidan, Chief Information Security Officer at Sage, said:”Many SMBs are excited about the potential of AI but want simple, practical ways to adopt it securely as threats become more sophisticated. Businesses should not have to choose between innovation and security. By making cybersecurity easier to implement through secure-by-design products, clearer guidance and collaboration across industry and government, we can help SMBs build resilience, innovate securely and grow at pace.”Joel Stradling, Senior Research Director, European Security at IDC, said:”The research suggests many SMBs still believe they are not a prime target for cyberattacks, despite threats becoming more sophisticated and widespread. IDC recommends SMBs embed cybersecurity into AI initiatives from the outset and take an organization-wide approach to cyber resilience. Businesses that close the gap between growth ambitions and security readiness will be best placed to build long-term digital trust with customers, partners and investors.”
Notes to editors
Methodology
IDC conducted a custom survey of 2,210 SMBs across eight geographies: Canada (300), France (330), Germany (330), Portugal (100), South Africa (150), Spain (200), United Kingdom (300), and United States (500).
Software Security Ambassadors Scheme
Sage is a participant in the UK Government’s Software Security Ambassadors Scheme, led by the Department for Science, Innovation and Technology. The initiative brings together industry leaders to champion the adoption of the Software Security Code of Practice, helping to strengthen software supply chain security and improve cyber resilience across the UK economy.As part of the scheme, Sage works alongside government and industry partners to promote secure-by-design principles, share best practice, and support the development of practical, accessible approaches to cyber security for businesses of all sizes. Learn more about the Software Security Ambassadors Scheme here. Learn more about Trust and Security with Sage here.
About Sage
Sage exists to knock down barriers so everyone can thrive, starting with the millions of Small and Mid Sized Businesses served by us, our partners and accountants. Customers trust our finance, HR and payroll software to make work and money flow. By digitalizng business processes and relationships with customers, suppliers, employees, banks and governments, our AI-powered platform connects SMBs, removing friction and delivering insights. Knocking down barriers alsomeans we use our time, technology and experience to tackle digital inequality, economic inequality and the climate crisis.
About IDC
International Data Corporation (IDC) is the premier global provider of trusted technology intelligence, advisory services, and events. With more than 1,000 analysts worldwide, IDC offers global, regional, and local expertise on technology, IT benchmarking and sourcing, and industry opportunities and trends in over 100 countries. IDC’s analysis and insights help IT professionals, business executives, and the investment community to make fact-based technology decisions and to achieve their key business objectives. To learn more about IDC, please visit www.idc.com. Follow IDC on X at @IDC and LinkedIn. Subscribe to the IDC Blog for industry news and insights.
