SMB and midmarket organizations are leaning harder on external cybersecurity providers as compliance work, 24/7 monitoring and AI-driven attack concerns stretch internal teams, a WatchGuard-commissioned survey of 842 IT and cybersecurity professionals found.
For SMB leaders, the survey points to a shift from buying security tools to buying security capacity: monitoring, compliance support, identity controls and incident response.
The independent online survey, conducted in April 2026 across 20 countries, covered organizations with two to 2,499 employees. That methodology makes the report a measure of reported experience and buyer intent, rather than independent incident telemetry.
Compliance stretches internal teams
Although 55% of respondents described their IT teams as adequately staffed, 67% said they need additional support to manage growing compliance requirements and 54% cited the need for continuous monitoring and support.
Nearly 75% reported at least one cybersecurity incident in the past 12 months, led by malware or virus infections at 33%, phishing or business email compromise at 32% and data breaches or unauthorized access at 29%.
The pressure points are pushing more security work outside the business. WatchGuard found that 48% of organizations already rely on external providers to supplement internal teams, while others outsource most or all security functions.
Current service use still centers on foundational controls, including network security and firewall protection at 65%, managed threat detection and response at 57% and risk assessments and vulnerability management at 55%.
Demand shifts to AI response
Demand is moving beyond those baseline services finds the report. When asked where they want more provider support, 44% chose AI-driven threat detection and response, ahead of managed detection and response at 36%. Risk assessments and vulnerability management, and identity and access security, each followed at 35%.
The report found that 91% of organizations are at least somewhat concerned about AI-driven cyberattacks, while 44% want AI-driven response capabilities from their provider and the same share are willing to pay more for AI-driven threat detection and automated response.
The U.S. crime backdrop supports the emphasis on email fraud and cyber loss. The FBI’s 2025 Internet Crime Report said reported losses surpassed $20 billion, with business email compromise second only to investment-related fraud as a loss category.
Outsourcing introduces third-party risk
Outsourcing also creates its own control question. CISA’s Cross-Sector Cybersecurity Performance Goals 2.0 includes managed service provider risk, specifically citing third-party providers with deep system access.
Verizon’s 2025 DBIR SMB snapshot also found that third-party involvement in breaches doubled from 15% to 30%. Together, the findings make provider oversight part of the same decision as outsourcing capacity.
Higher budgets bring switching risk
Spending intent follows the same pattern. WatchGuard found that 75% of organizations expect cybersecurity spending to increase over the next two years. The largest premium areas were 24/7 monitoring and rapid incident response at 47%, AI-driven detection and response at 44%, and proactive threat hunting and employee training at 37% each.
Those budgets are not locked into existing providers. More than half of respondents, 58%, expect to change cybersecurity providers within the next three years. The leading switching triggers were rising costs without added value and a major security incident, each at 39%, followed by slow response times at 36%.
Provider confidence also differs by service model. Among organizations using a dedicated MSP or MSSP, 94% said their provider adequately protects them against emerging threats, including AI-driven attacks.
That figure fell to 89% for internet or telecom providers and 83% for consulting or professional services firms. In the United States, the report described a balanced mix of VARs, MSPs and telecom providers, suggesting no single provider model dominates the market.