MONTREAL, June 10, 2025 (GLOBE NEWSWIRE) — Cyber threats are accelerating, but many small and medium-sized businesses (SMBs) are stuck in neutral. Despite increasing awareness and rising investment in cybersecurity, too few are making the leap from confidence to capability. In fact, 71% of SMBs say they feel confident in handling a major cybersecurity incident – yet only 22% report having an advanced cybersecurity posture, according to Devolutions’ newly released report, “The State of IT Security for SMBs in 2025.”
Based on input from 445 IT, security and executive professionals around the world, the report reveals that this gap between perception and reality is leaving many SMBs vulnerable – particularly in three key areas: Privileged Access Management (PAM), Artificial Intelligence (AI) adoption, and cybersecurity budgeting. Devolutions, a global leader in secure software solutions, conducted the study to help organizations better understand how they can bridge the divide between IT management and security – and where many are still falling short.
PAM: Still Manual, Still Risky
Despite its critical role in minimizing insider threats and credential abuse, 52% of SMBs still rely on manual tools – like spreadsheets or shared vaults – to manage privileged access. That number has grown since 2023.
“Manual access management isn’t just inefficient – it’s dangerous,” notes Maurice Côté, VP Product at Devolutions. “The human is often the weakest link – and spreadsheets don’t make us stronger. SMBs …