SMBs Ramp Up Cybersecurity Budgets Amid Rising Threats and AI‑Driven Attacks
What Happened — An IDC survey of 2,200 small‑ and medium‑sized businesses across eight markets found that 60 % plan to increase cybersecurity spending within the next 12 months. Respondents cite a surge in phishing, AI‑powered attacks, and third‑party supply‑chain risks as primary drivers.
Why It Matters for TPRM —
- Elevated spend does not automatically translate into mature security processes, leaving third‑party risk exposure unchecked.
- AI‑enabled threats and opaque vendor practices increase the likelihood of data breaches that can cascade to your organization.
- Reactive security postures amplify incident response costs and business disruption for downstream partners.
Who Is Affected — Small and medium‑size enterprises across all sectors; indirect impact on their suppliers, customers, and service providers (MSPs, cloud hosts, SaaS vendors).
Recommended Actions —
- Review contractual security clauses with SMB vendors to ensure defined accountability and documented processes.
- Validate that SMB partners have formalized incident‑response plans and AI‑risk mitigation strategies.
- Incorporate continuous monitoring of third‑party security posture into your TPRM program.
Technical Notes — The survey highlights prevalent attack vectors: phishing/social engineering, insider risk, and supply‑chain vulnerabilities tied to cloud and SaaS adoption. No specific CVEs are cited. Source: Help Net Security – IDC SMB Cybersecurity Spending Report