Sixty one per cent of SMEs regard security as their biggest challenge in 2025, according to a survey by JumpCloud.
JumpCloud’s Q1 2025 SME IT Trends Report also found that 45 per cent of respondents have suffered a cybersecurity attack, and bad actors are once again favouring phishing in targeting these organisations, accounting for 53 per cent of attacks.
UK IT admins within SMEs are under constant pressure to juggle complex device environments, shadow IT risks, cybersecurity attacks and the rapid rise of AI – all while trying to ensure a seamless user experience.
The pace of change is relentless, with almost 90 per cent of UK IT admins worried about unauthorised apps and devices expanding their attack surface. More than half (60 per cent) expressed concern that AI’s rapid advance will outpace their ability to secure against AI-specific threats.
With IT sprawl overwhelming many teams, 83 per cent of respondents want a unified platform to better manage devices, identities and access to simplify their increasingly fragmented environment.
JumpCloud's survey found that even though security is a prominent business concern for UK organisations, almost half (48 per cent) are not implementing stronger security measures across their IT stack because these measures might result in a poorer user experience. Forty two per cent of UK SMEs are not implementing stronger security measures because they already manage too many tools in their IT stack.
Tool sprawl is a persistent problem - the number of organisations using between 11 to 15 tools to manage the employee lifecycle and all resources has increased to 19 per cent and the number using between 5 to 10 tools has also increased from 46 per cent in Q3 2024 to 51 per cent in Q1 2025.
Rajat Bhargava, co-founder and CEO of JumpCloud, said, “Clearly IT professionals at UK SMEs face challenges on multiple levels, however, this time around we have seen three clear themes emerge: security threats continue to escalate at an alarming pace; AI adoption is also accelerating; and both are prompting UK businesses to turn to MSPs to implement more resilient and robust cybersecurity measures.
“For those organisations wanting to innovate while also having the controls in place to safeguard their business, embracing a centralised, unified platform to manage an ever-growing complex environment will be critical in 2025.”
While concerns around AI and its power to outpace UK SME’s ability to protect against threats remains an issue for 60 per cent of respondents, this percentage has decreased slightly in Q1 2025 compared to 64 per cent who said this in Q3 2024.
Therefore, while UK organisations continue to approach AI’s implementation with caution, it is increasingly being seen as a force for good. In fact, the appetite for implementing AI initiatives has grown from 66 per cent who had plans to do this in Q3 2024 to 75 per cent in this report.
IT budgets have also shot up. Sixty-eight per cent of UK SMEs expected budgets to rise in the last report, now 80 per cent expect to have more budget in Q1 2025. Likewise, 76 per cent of SMEs expect cyber budgets to increase in the next 12 months and more than half (52 per cent) of SMEs are planning to invest in cybersecurity tools and services in the next six months. This was higher than any other planned investment.
MSP adoption and investment in the next 12 months has also increased significantly since the previous SME IT Trends report, from 67 per cent in Q3 2024 to 79 per cent in Q1 2025. In Q1 2025, more UK SMEs (31 per cent) are using MSPs to completely manage their IT programme, including technology, process, and support, compared to 24 per cent in Q3 2024.