- The Nanoleaf Skylight is one of my favorite smart lights (and just hit its lowest price)
- This top-rated Dyson hair dryer is on sale for the lowest price yet on Amazon
- Anthropic's latest Claude AI models are here - and you can try one for free today
- This $200 Android smartwatch outlasted my Galaxy Watch Ultra - and it's on sale
- Cisco Welcomes Brett McGurk
How to safeguard your small business in the hybrid work era: 5 top cybersecurity solutions
Keeping your small business’s applications, data, and devices secure and compliant presents unique challenges, especially when you want to keep your people productive by giving them access to what they need at any time, on any device, from any location. The good news is that there are a variety of practical cybersecurity products and services available.
Also: Why remote work is still the secret sauce behind small business success
For cybersecurity, the new realities of how small businesses want to work are driving changes in technology (e.g., security at the network edge) — and in delivery (e.g., security-as-a-service).
Examples of how business choices are changing can be seen in recent research findings from Aberdeen Strategy & Research (a division of Spiceworks Ziff Davis). See Figure 1 below.
Cybersecurity solutions: Current and planned deployments
Figure 1: Cybersecurity solution categories exhibiting high adoption and high growth. The x-axis shows the percentage of all respondents with current deployments of each respective cybersecurity solution category. The y-axis shows the net percentage of planned deployments of those products and services within the next 12 months (i.e., the percentage of all respondents planning to deploy, minus those planning to phase out their current deployments).
Source: Aberdeen, May 2025
Here are some of the top cybersecurity solution categories designed to support the modern working environment and help small businesses thrive, for each of five high-level areas:
1. Identities: Multi-factor authentication (MFA) has finally gone mainstream, offering better security and a much better user experience than policy-driven efforts to improve the strength of traditional passwords based on length, complexity, and other requirements.
2. Access: The need to secure and manage a dynamic workforce (in-office, remote, and hybrid) — while providing a consistent, flexible, friction-free user experience — has led to increasing adoption of advanced network access technologies based on the principles of zero trust, such as secure access service edge (SASE), and less reliance on traditional VPN connections.
3. Endpoint security: Solution categories like endpoint detection and response (EDR), automated patch management, and remote monitoring and management (RMM) are especially helpful for securing and managing a remote/hybrid workforce, and also act as a productive and cost-effective force multiplier for the small business’s technical staff.
Also: Why no small business is too small for hackers – and 8 security best practices for SMBs
4. Data security: As small businesses have become more comfortable relying on trusted service providers, cloud-based storage, backup, and disaster recovery-as-a-service (DRaaS) have become far more prevalent than traditional on-premises solutions. Since most data breaches are initiated by exploiting human-related vulnerabilities, most organizations also invest in ongoing security awareness and training for their users.
5. Security operations: In our new era of work, cybersecurity protections alone are not enough. In recent years, organizations have also been investing in solution categories like managed detection and response (MDR) from trusted service providers to help them detect, respond, and recover more quickly and cost-effectively from the inevitable cybersecurity- and compliance-related incidents.
Current deployments and perceived benefits
The Spiceworks Ziff Davis State of IT 2025 report examined these same five high-level areas (identities, access, endpoint security, data security, and security operations), but with an interesting twist. For selected cybersecurity solution categories in each of these areas, respondents were asked about two things:
Usage (current, previous, and planned within the next two years)
Perceived benefit (whether current and previous users felt the technology was worth the investment in terms of the associated time, effort, and total cost)
Also: Modernizing your hybrid team means more than buying new tech gear – 3 tips for success
Figure 2 provides some research highlights, based on more than 800 global responses. Across all of the representative solution categories, organizations projected continued expansion of use over the next two years and an extremely high perception of value for the time and resources invested.
Figure 2: Cybersecurity solution categories with the highest adoption and the highest perceived value. Net “Worth the Investment” Index: +100% means all respondents were positive; -100% means all were negative. >=+50% is generally considered to be very strong.
Source: Adapted from Spiceworks Ziff Davis State of IT 2025 report; Aberdeen, May 2025
Some quick observations about the findings in Figure 2, beyond those already made above:
- Solution categories like MFA, DRaaS, and EDR are used by a majority of State of IT 2025 respondents, and are highest on the net “Worth the Investment” index.
- For several years, organizations have been investing in technologies such as security information and event management (SIEM) to combine and correlate cybersecurity- and compliance-related logs and events on a common platform.
- The ongoing quest to eliminate traditional passwords continues with the adoption of various forms of passwordless authentication technologies.
- The increased use of identity governance solutions underscores an ongoing maturity among IT and cybersecurity professionals, who embrace both the technical and business aspects of cybersecurity.
- Zero trust network access (ZTNA) — a component of leading solutions in the SASE category — refers to networking and security services that continuously verify identities (users, devices) before granting access to enterprise resources, based on widely used cybersecurity principles such as zero trust and least privilege.
- As the market matures, cyber insurance policies have become more rigorous to obtain, but they continue to play an important role in managing the risk of data breaches.
Real talk about budgets
It’s very helpful to have these insights about the cybersecurity solutions viewed as most popular and useful — but that doesn’t necessarily mean that your small business has the budget to deploy all of them, everywhere, all at once.
One final insight from the Spiceworks Ziff Davis State of IT 2025 research that may also be helpful: As a percentage of total annual expenditures on computing infrastructure, the amount spent on cybersecurity ranged from a low end (5th percentile) of about 3.5% to a high end (95th percentile) of nearly 26%. The median was 11.2%, just a tick higher than the 2024 findings.
Also: Want to enable serendipitous innovation for remote teams? Do these 6 things
In other words, for every dollar spent annually on their computing infrastructure, organizations are spending between 3.5 cents and 26 cents (median: 11.2 cents) on cybersecurity.
As we all know, there’s no one right amount for cybersecurity budgets. Ultimately, they are business decisions that balance two dimensions: How much we can afford and how much risk we are willing to accept. In most small businesses, this requires choices and trade-offs.
The role of tech professionals (and tech marketers) is to identify and communicate effectively about risks and help the senior leadership team make better-informed business decisions about balancing risks and affordability. We advise and recommend; it falls to them to decide.
Hopefully, these findings will help you take on that role.
Stay ahead of security news with Tech Today, delivered to your inbox every morning.
