IT admins report rising alarm around security budget cuts and recession


JumpCloud Inc. has announced the findings from its Q4 2022 SME IT Trends Report, ‘Managing IT Amidst Rising Security Threats and Global Turbulence for Small to Medium-Sized Enterprises’.

JumpCloud commissioned this biannual survey of SME IT admins to gain insights into the day-to-day experiences of IT professionals who power and secure operations without enterprise-level budget and staff. The latest survey results highlight that a plurality of IT pros worry that cybersecurity-specific funding might be at risk: 44% agree their organisation will cut spending on cybersecurity in the next year compared with 41% who disagree.

With the accelerated rate of attacks on SMEs and the sophisticated evolution of external threats, IT admins are concerned that such cuts will make organisations more vulnerable, with 75% reporting cuts to their organisation’s security budget will increase organisational risk. 

Inflation, laboir shortages, recession talks, market volatility, and global conflicts are just a few of the external impacts companies are absorbing. Market and global turbulence was present six months ago, but recent disruptions have been more acute. And recessionary pressures appear to impact SMEs already:  78% report seeing evidence of a recession in their business, and 34% say their organisation is severely impacted. Despite both internal and external events, SMEs are positioning themselves for success in large part due to the achievements of the IT teams that make it possible.

“SME admins have skillfully managed IT through a period of sustained and unprecedented uncertainty in business and the world,” said Rajat Bhargava, co-founder and CEO, JumpCloud. “SMEs would be wise to listen to IT teams’ concerns about the vulnerabilities introduced by tool sprawl and cuts in security budgets, as well as their pleas for tool consolidation and enhanced security. Improving security and reducing costs can go hand in hand with a platform approach that delivers both, offering secure access, improved productivity, and a better overall experience for end users and the IT professionals managing their tech access and apps.”

Key findings include:

Business Outlook:

  • A plurality worry that cybersecurity funding will get cut: 44% agree their organisation will cut spending on cybersecurity in the next year vs. 41% who disagree.
  • Big concerns that cuts in spending will make organizations more vulnerable: 75% say cuts to their organization’s security budget will increase organisational risk. 
  • Less than half of workers are back in the office full time: 46% of workers are in the office full time, with 29% working hybrid and 27% working remotely. 
  • Licensing costs are increasing: 22% expect to spend 50% or more of their budget on licensing in the coming year, up from 17% in April 2022. 
  • Recession isn’t sparing SMEs: 78% report seeing evidence of a recession in their business, and of that, 34% say business has been severely impacted.
  • Inflation isn’t concerning IT admins: 7% say they're not at all worried about inflation vs. 4% in April 2022. Fewer are reporting it’s a big worry (24% vs. 29% in April.) 
  • Talent availability is an issue despite recession: 34% say labor shortages make a significant impact or are a serious business limiter. 
  • Security concerns are rapidly increasing: 58% are more concerned about their organisation's security posture than they were six months ago. 


  • Employees are getting better at security: 78% agree that remote workers are better at following security best practices than a year ago, up from 75% in April 2022. But
  • IT admins still see a significant challenge, as 58% agree that hybrid work makes it harder for employees to follow good security practices, which remained about the same as the 60% who agreed in October of 2021.
  • IT admins increasingly say additional security adds friction: More admins agree that additional security makes a more cumbersome experience, 65% now up from 54% in October 2021. More admins strongly agree that additional security makes a more cumbersome experience (22%, up from 18% in April 2022).
  • Passwordless getting more popular: 67% report passwordless authentication is a priority for their organisation, up from 64% in April 2022, but 57% view passwordless as more of an industry buzzword than an IT priority, up from 52.6% who agreed in April 2022. 
  • Biometrics are popular with IT admins: 80.5% of SME IT admins use biometrics to secure personal devices, up from 73.9% in April 2022.  Face recognition is the most commonly used (74.5%) followed by fingerprint (76.7%), voice (48.5%), and liveness detection (23.8%).
  • Organizational use of biometrics is on the rise as well: 64.3% say their organizations require biometrics for employee authentication, up from 58.5% in April 2022.
  • One-time passwords (OTP) no longer seen as most secure but still easiest for end users: In April 2022, 31% said OTP was the most secure MFA method, now only 22% agree. OTPs are still seen as the easiest for users (34% vs. 38% in April 2022).
  • Biometrics secure top spot for security and seen as easy to use, but still viewed as most complicated for admins to implement: Biometrics are now seen as the most secure MFA method, with 32% agreeing, up from 29% in April 2022, but still the most complicated MFA method for IT admins to implement (34% agree, down slightly from 35% in April 2022). 28% say it's the easiest MFA method for users, up from 24% in April 2022, topped only by OTP.
  • MFA fatigue attacks are a big worry: 66% are concerned with MFA fatigue attacks, a technique used by attackers to overload a victim’s authentication application with push notifications in hopes they will accept one, giving the attacker access to their account.  
  • External actors are still biggest security concern: The top three security concerns are a network attack (steady at 40%), software vulnerability exploit (32% now vs. 29% in April 2022), and ransomware (29% now vs. 28% in April 2022). This contrasts with security concerns a little over a year ago in October 2021 when the biggest security concerns were software vulnerability exploits (39%), use of unsecured networks (36%), and ransomware (32%). 

Life of IT Admin:

  • Security tops remote worker management as top IT challenge: Top challenges for IT admins are security (52%), device management (46%), and increased work burden (45%). In October 2021, management of remote workers was biggest concern (59%) and increased work burden at 39%.
  • Admins’ sense of work responsibility increased: Now 45% report increased work burden is a bigger challenge, up from 37% who reported the same in April 2022. 
  • IT admins are choosing a balanced life: 57% agree that they've purposely reduced their workload to achieve a better work-life balance over the past six months. 
  • But they still work a lot: 26% report they work 10 or more hours more than their job description requires each week. 100% say they work at least one hour more per week than their job description requires, and 31% say they work six to nine hours more.

IT Management:

  • Remote access solutions are too costly: 90% use remote access, but 55% say they spend too much. 20% say they spend too much because it's underused.
  • Tool sprawl is real: Nearly one in 10 admins use nine or more tools to manage employee lifecycle. It’s similarly complicated for employees, with 16% of admins estimating employees use 10 or more passwords to do their jobs, and only 23% of admins estimate employees use just one to two.
  • Tool consolidation preferences remain strong for SME IT admins: 74% prefer a single solution to do their job, vs. 75% in April 2022. Only 19% cite a lack of budget as a reason for not consolidating, down from 24% in April 2022. 
  • Heterogeneous device environments are still the norm: Device breakdown in organisations is 61% Windows (vs. 65% in April 2022), 21% Linux (19% in April 2022), and 22% macOS (21% in April 2022). 
  • Expected increases in device use highest for Windows: Over the next year, admins expect their device use to increase most for Windows (57%), followed by macOS (40%), and Linux (35%).

Role of Managed Service Providers (MSPs):

  • MSP usage is up: 93% are considering or already work with MSPs, up from 89% in October 2021. 41% say an MSP completely manages their IT program, including technology, process, and support, up from 34% in April 2022. 
  • MSPs seen as valuable for a number of functions: On nearly every metric, IT admins rated MSPs higher across a variety of reasons vs. six months ago. The top reasons for MSP use are that they: are cost-effective (57% vs. 54% in April 2022), are up to date on latest technologies (65% vs. 64% in April 2022), offer a better user experience (62% vs. 52% in April 2022), better secure identity and access management (35% vs. 34% in April 2022), and offer customer support (22% vs. 20% in April 2022).
  • MSPs are most effective in improving IT’s day-to-day experience: While fewer report better security as a result of their MSP use (57% vs. 70% in April 2022), 51% report their job is easier due to MSP use (up from 36% in April 2022), and 60% report their effectiveness has increased (up from 32% in April 2022). 
  • IT individualism and cost are still the biggest blockers to MSP use: 53% of IT admins prefer to handle IT themselves over using an MSP, down from 56% in April 2022, and 36% say MSPs are too expensive, up from 29% in April 2022. Other cited reasons are that MSPs offer more than what they need (27%) and that organisations are too small to use an MSP (18%).
  • MSP security concerns way up: 56% agree that they have concerns with how MSPs manage security, up from 42% in April 2022, and 37% in October 2021. 

Survey Methodology

JumpCloud surveyed 502 US-based SME IT decision-makers, including managers, directors, vice presidents, and executives. Each survey respondent represented an organization with 2,500 or fewer employees across a variety of industries. The online survey was conducted by Propeller Insights, October 11-14, 2022. 

Additional Resources for IT Admins and MSPs

  • The IT Admins 2023 Planning Kit, the tools IT admins need for success — whatever 2023 may bring.
  • The MSP’s 2023 Planning Kit, tools to kick-start MSPs’ 2023 business planning — and ensure your selling, technical, and support strategies are set for the year.
  • The Path to Zero Trust With JumpCloud, an infographic showing how JumpCloud offers the path of least resistance toward Zero Trust implementation — without invoices from multiple vendors.
  • Zero Trust Security for MSPs, a guide on how to build a Zero Trust roadmap that benefits you and your clients.
  • Zero Trust Demystified, an SME’s guide to Zero Trust and actionable tips for successful implementation.

Add a Comment

No messages on this article yet

Editorial: +44 (0)1892 536363
Publisher: +44 (0)208 440 0372
Subscribe FREE to the weekly E-newsletter