Small businesses fear AI cyberattacks, WatchGuard finds

WatchGuard has published research showing growing concern among small and medium-sized businesses about AI-driven cyberattacks. The survey found that 91% of respondents are worried about the threat.

The study covered 842 IT and cybersecurity professionals at organisations with between two and 2,499 employees across 20 countries. It found that 75% had experienced at least one cyber incident in the past year, while 54% said they could not provide continuous 24/7 monitoring and response.

The figures suggest mounting strain on internal security teams rather than a lack of awareness. Many organisations believe they are adequately staffed, but the volume and pace of threats have outgrown what those teams can manage on their own.

Managed service providers are becoming more central to that response. Nearly half of respondents, 48%, said they already rely on MSPs to support their internal teams, suggesting outsourced security is shifting from a supplementary role to a core one.

Compliance pressures are adding to the burden. The survey found that 67% of respondents need extra support to meet growing compliance demands, adding another operational challenge for businesses already dealing with frequent incidents and limited round-the-clock coverage.

WatchGuard also found that artificial intelligence is shaping how companies buy security services. Some 44% of organisations said they are willing to pay more for AI-powered detection and response, indicating growing demand for tools and services that can shorten response times and ease pressure on internal staff.

Those expectations are also changing the relationship between customers and external providers. Traditional measures such as uptime and service delivery are giving way to demands for faster incident detection and response, more proactive threat prevention, lower operational complexity, and improved resilience.

Nearly half of respondents now view their provider as a strategic advisor or proactive partner. That marks a shift from a more transactional view of outsourced IT and security support.

Regional patterns

Adoption models still vary across markets. More mature markets such as the United States and France show greater reliance on managed services, while Mexico remains more dependent on value-added resellers and Canada shows stronger uptake of consulting-led approaches.

Even so, buyer priorities are becoming more closely aligned across regions. Around-the-clock monitoring, faster response times, AI-based tools, and compliance support emerged as common themes despite differences between markets.

Budget pressure

Spending plans suggest businesses are preparing to commit more money to cyber defence despite wider economic uncertainty. Three-quarters of respondents said they expect their cybersecurity budgets to increase over the next two years, with spending directed towards services that offer ongoing protection and clearer operational results.

The findings suggest cybersecurity spending is being treated less as a periodic technology purchase and more as a continuing operational requirement. That has implications for in-house teams, software vendors, and service providers alike, as customers place more emphasis on constant coverage rather than occasional upgrades.

For MSPs, the shift could expand their role well beyond basic IT support. As more organisations seek external help with monitoring, incident response, and compliance, service providers stand to take on a larger share of day-to-day cyber defence work.

Joe Smolarski, Chief Executive Officer of WatchGuard, said the issue is one of operational limits rather than understanding. "This is not a skills gap; it's a capacity gap," he said.

"Organisations understand the risks. What they lack is the ability to monitor, detect, and respond at the speed and scale required today. Cybersecurity is moving beyond what internal teams can handle alone, creating a massive opportunity for MSPs to step in as true security partners."