2024

Mid-Market
IT Priorities
Report
An investigation into how mid-market
organisations, particularly in the private
healthcare, transport, retail, finance and
insurance sectors, continue to adapt their
IT priorities and refocus investment.
NODE4 2024 IT PRIORITIES

Executive
Introduction
Node4’s 2024 Mid-Market IT Priorities Report explores how this section of the UK’s economy
continues to manage digital transformation and compliance challenges.

Alongside analysing long-standing factors such as IT budgets and cloud maturity, we’ve
focused on the growing use of artificial intelligence (AI). We explore potential barriers to AI
adoption, investigating whether — and to what degree — mid-market IT decision-makers
understand its potential. We also reveal the extent to which they consider artificial intelligence
to be a cyber security threat and/or threat mitigation tool.

This year, we take a deep dive into cyber security, looking at investment priorities, the top ten
threats and the main challenges or barriers to implementing effective countermeasures. We’ve
also introduced a section on mid-market environmental, social and governance (ESG) policy
adoption. In this section, IT decision-makers consider whether ESG supports their broader IT
strategy — and the benefits it could bring their organisations. We also look at the influence
that ESG policy implementation has on their choice of IT suppliers and technology partners.

We’ve included selected data from previous editions of the report to compare IT budgets, IT
skills, digital transformation and evolving compliance challenges, which replaces our annual
formal benchmarking report.

MID-MARKET REPORT 3
NODE4 2024 IT PRIORITIES

Key Themes and

Findings
PART 1: IT BUDGET TRENDS
There has been a marked decrease in mid-market IT budgets over the past three years. In 2021, the
majority were in the region of £6,000,001 - £8,000,000. In 2022, this dropped to £4,500,001 - £6,000,000
and fell further in 2023 to £1,500,001 - £3,000,000. IT budgets as a percentage of annual turnover have
also fallen dramatically since 2021. At that point, most companies had an IT budget of 19 - 20% of their
annual turnover that year. This dropped to 15 - 16% in 2022 and fell further to 9 - 10% in 2023.

PART 2: MID-MARKET OBJECTIVES FOR 2024

Close to a quarter (24%) of respondents said increasing hybrid cloud development is their most
important objective for the next 12 months. This was followed by improving customer experience
(23%), business growth (22%) and aligning IT strategy with wider ESG goals (22%).

PART 3: MID-MARKET COMPLIANCE CHALLENGES

Managing multiple compliance regimes is the top compliance-related challenge for IT decision-
makers (18%). Other challenges include access controls (17%), data security (16%) and ESG (16%).

PART 4: CYBER SECURITY AND RESILIENCE IN THE MID-MARKET

This year’s top cyber security priorities are to improve threat intelligence (33%) and deal with AI-
related threats (33%). Respondents identified insider threat (31%), AI (30%) and ransomware (30%) as
the top three cyber security threats for 2024.

PART 5: DATA STRATEGY AND DIGITAL TRANSFORMATION

IT decision-makers in mid-market organisations told us that the performance of existing data
environments and migration of data systems (both 37%) are their top data strategy priorities for
2024. Responding to industry disruption (30%) and improving environmental sustainability and social
impact (26%) are their two main digital transformation drivers.

PART 6: ARTIFICIAL INTELLIGENCE AND THE MID-MARKET

Respondents said their biggest fear about the use of AI within their organisations was the potential
for it to replace existing jobs. They’re also worried it could expose their organisation to new cyber
security risks and accidentally reveal sensitive corporate information. Just over half said they have
policies in place to mitigate against these and other AI-related security concerns.

PART 7: SUSTAINABILITY AND ESG TECHNOLOGY INITIATIVES

Mid-market IT decision-makers are mostly positive about ESG; 28% said they find it helpful (vs. 15%
who find it unhelpful), and 22% said it was useful (vs. 16% who find it a distraction). Respondents
see customer loyalty (27%), competitive advantage (26%) and innovation and growth (26%) as the top
three benefits of following ESG principles.

MID-MARKET REPORT 4
NODE4 2024 IT PRIORITIES

PART ONE

Mid-Market IT
Budget Trends
2021-2024
How have mid-market IT budgets
changed since 2021?

MID-MARKET REPORT 6
NODE4 2024 IT PRIORITIES

What is your IT budget for the next 12 months?

2021 Less than £250,000

£250,000 - £500,000
0%

>1%

£500,001 - £750,000 >1%

£750,001 - £1,000,000 1%

£1,000,001 - £1,500,000 5%

£1,500,001 - £3,000,000 9%

£3,000,001 - £4,500,000 15%

£4,500,001 - £6,000,000 27%

£6,000,001 - £8,000,000 30%

£8,000,001 - £10,000,000 10%

More than £10,000,000 2%

2022 Less than £250,000

£250,000 - £500,000
0%

0%

£500,001 - £750,000 >1%

£750,001 - £1,000,000 6%

£1,000,001 - £1,500,000 6%

£1,500,001 - £3,000,000 14%

£3,000,001 - £4,500,000 15%

£4,500,001 - £6,000,000 26%

£6,000,001 - £8,000,000 22%

£8,000,001 - £10,000,000 11%

More than £10,000,000 >1%

2023 Less than £250,000

£250,000 - £500,000
1%

5%

£500,001 - £750,000 5%

£750,001 - £1,000,000 4%

£1,000,001 - £1,500,000 11%

£1,500,001 - £3,000,000 22%

£3,000,001 - £4,500,000 18%

£4,500,001 - £6,000,000 11%

£6,000,001 - £8,000,000 8%

£8,000,001 - £10,000,000 12%

More than £10,000,000 2%

MID-MARKET REPORT 7
NODE4 2024 IT PRIORITIES

IT BUDGETS REFLECT SHIFTING MACROECONOMIC CONDITIONS

Our data shows IT budgets have consolidated in the mid-range over the last three years —
reflecting the shifting macroeconomic conditions in which mid-market organisations operate.

Accumulating this data over the last three years has allowed us to pinpoint key moments when
those shifts have occurred, as well as providing some potential explanations. In 2021, we saw
the impact that COVID and work-from-home legislation had on the mid-market, which in turn,
saw IT budgets generally increase across the board. This facilitated the fast adoption of remote
working technology that enabled many mid-market organisations to continue operating during
the pandemic.

In our 2022 report, we charted the start of rising inflationary pressures on the mid-market —
particularly in fuel and energy costs — and saw how they began to eat into IT budgets. At that
time, over half of respondents thought rising energy costs were impacting their IT budget, and
almost 90% said these factors would significantly impact them in 2023. IT budget-related data
from this year’s research suggests they might have been correct.

In 2021, 39% of respondents said that their IT budgets would need to increase significantly to
meet the ambitions of their IT team — but we can see from the chart on the previous page that
the average IT budget fell the following year. In 2022, 36% said the same thing; twelve months
later, IT budgets have, once again, been dramatically reduced.

Many of the findings in this report highlight the impact of consistently squeezed margins and
persisting inflationary pressures on mid-market IT budgets. As we look further into the findings,
we’ll see how both these factors could be forcing IT teams to find urgent and significant cost
savings — and to seek new ways to support organisational growth targets.

MID-MARKET REPORT 8
What percentage of your organisation’s annual turnover is
your IT Budget?

2021 Less than 5% >1%

6 - 8% >1%

9 - 10% 3%

11- 12% 5%

13 - 14% 15%

15 - 16% 16%

17 - 18% 23%

19 - 20% 26%

21 - 22% 9%

More than 22% 3%

2022
Less than 5% 0%

6 - 8% >1%

9 - 10% 1%

11- 12% 8%

13 - 14% 19%

15 - 16% 27%

17 - 18% 20%

19 - 20% 18%

21 - 22% 4%

More than 22% >1%

2023 Less than 5%

6 - 8%
6%

23%

9 - 10% 28%

11- 12% 10%

13 - 14% 10%

15 - 16% 13%

17 - 18% 6%

19 - 20% 3%

21 - 22% 1%

More than 22% 0%

These squeezed margins and inflationary pressures could also explain why IT budgets as
a percentage of annual turnover have fallen so dramatically since 2021. That year, most
companies (26%) had an IT budget of 19 - 20% of their annual turnover. This dropped to 15 -
16% in 2022 and fell further to 9 - 10% this year.
NODE4 2024 IT PRIORITIES

HAVE IT BUDGETS BEEN ALLOCATED TO DIFFERENT BUSINESS DEPARTMENTS?

Another reason for this decrease could be that the responsibility and power for purchasing
and implementing IT infrastructure no longer rests exclusively with IT teams. Mid-market IT
spending may well be continuing at around the same levels, but some of that IT budget might
have been reallocated to other business areas. Those teams may be able to entirely bypass the
IT department — especially if they are purchasing Software as a Service (SaaS) offerings.

Even if they’re not exclusively paying for IT solutions, other business teams may still be directly
involved in IT purchasing decisions. Our findings lend credence to this suggestion: Respondents
told us that over the next 12 months, finance teams (19%), security teams (16%), marketing
teams (16%) and HR teams (11%) would be involved in decision-making and selection
processes for IT investments.

We dealt with this issue in some depth in last year’s report, exploring the links between growth
in officially sanctioned shadow IT and the extent to which other business departments were
bypassing IT teams to purchase their own IT infrastructure. To read more on this subject,
please visit our website and download a copy.

MID-MARKET REPORT 10
NODE4 2024 IT PRIORITIES

PART TWO

Mid-Market
Objectives
for 2024
What are your most important IT objectives for the
next 12 months? (select up to three)

Increasing hybrid cloud development 24%

Improving customer experience 23%

Business growth 22%

Aligning IT strategy with wider corporate ESG goals 22%

Strengthening and increasing security 21%

Hiring and developing new in-house skills 21%

Managing cost 20%

Meeting compliance challenges 20%

Optimising the remote working experience 19%

Getting to grips with artificial intelligence 18%

Reducing shadow IT 18%

MID-MARKET REPORT 12
PLANNED HYBRID CLOUD UPTAKE FOR 2025

Increasing hybrid cloud development is the top priority for mid-market IT decision-makers. This
makes sense when you consider that just 14% of respondents said they have a predominantly
hybrid cloud infrastructure (compared with 40% public cloud and 31% private cloud).

Tighter budgets and financial pressures may be slowing adoption rates, but ultimately, we
believe hybrid cloud is the next logical step for these businesses. This is supported by our
conversations with clients who tell us that they’re generally adopting a hybrid cloud as it offers
the best of all worlds for their digital transformation journeys.

CLOSER ALIGNMENT WITH IT STRATEGY AND ESG GOALS

It’s worth noting that our respondents stated that aligning their IT strategy with broader
ESG goals is one of their top three priorities. With generally smaller IT budgets and financial
pressure from the rest of the business, we might have thought ESG would slip further down the
list. As we’ll see later in the report, this might be because ESG initiatives are being viewed as a
potential driver for economic growth and market leadership.

ARTIFICIAL INTELLIGENCE ON THE BACKBURNER

We’ll talk more about AI adoption in Part 6. However, it’s important to point out that across
the entire sample, just 18% of respondents said getting to grips with artificial intelligence was
one of their most important IT objectives for 2024 — making it one of their lowest priorities
over the next 12 months. But, as we’ll see in the next chart, based on our data, the degree of AI
prioritisation depends on an organisation’s size.
NODE4 2024 IT PRIORITIES

What are your most important objectives for the next

12 months? (by company size)
The top three options for each company size are highlighted in orange.

100–249 250-499 500-1000

Objective employees employees employees

Increasing hybrid cloud development 24% 24% 23%

Improving customer experience 25% 26% 19%

Business growth 22% 21% 24%

Aligning IT strategy with wider corporate ESG goals 22% 23% 21%

Strengthening and increasing security 24% 20% 19%

21% 22% 22%

Hiring and developing new in-house skills
18% 19% 24%
Managing cost
23% 15% 21%
Meeting compliance challenges

Optimising the remote working 15% 23% 20%

18% 15% 24%

Getting to grips with artificial intelligence
17% 18% 18%
Reducing shadow IT

Getting to grips with AI is one of the most important objectives for organisations with 500
– 1000 employees. Almost a quarter (24%) said it was an important objective compared to
companies with 100 – 249 employees (18%) and 250 – 499 employees (15%). This might be
down to differences in skill level, capability and budget to invest in AI. They could also be better
placed to use this technology to facilitate business growth or manage costs.

Smaller mid-market organisations are less concerned about optimising their remote working
experience. Presumably, this is because they’re less likely to have distributed workforces. Cost
management is more important in larger (and probably more established) companies as it’s
more likely they have inefficient processes.

MID-MARKET REPORT 14
PART THREE

Mid-Market
Compliance
Challenges
What are your primary compliance challenges over the
next 12 months?
Managing multiple compliance regimes 18%
Access controls 17%
Data security 16%
ESG 16%
Encryption 15%
Data governance 15%
GDPR 15%
Long-term data retention 14%
Bring your own device (BYOD) 14%
Data loss prevention (DLP) 13%
Data sovereignty 13%
Artificial intelligence applications within your organisation 13%
Artificial intelligence applications outside your organisation 12%
Third-party access 12%
PCI DSS 11%
Outdated policies 11%

In each of our reports, managing multiple compliance regimes has featured in the top five compliance
challenges faced by mid-market IT decision-makers. In 2021/22, it was the joint top challenge alongside
long-term data retention and governance. In 2022/23, it was relegated to the fifth biggest challenge
behind Bring Your Own Device (BYOD) fourth place, outdated policies (third), data security (second) and
data loss prevention.

This year, once again, it’s top of the compliance challenge to-do list. This could be related to the trend
around business growth, as mid-market organisations adopt new compliance regimes to access new
markets. Alternatively, it could be the result of compliance regimes being adopted to deal with the wave
of generative AI — although our analysis in Part 6 suggests this is less of a priority.
What are your primary compliance challenges over the
next 12 months? (by company size)
100–249 250-499 500-1000
Primary compliance objective employees employees employees

Managing multiple compliance regimes 19% 19% 15%

Access controls 14% 20% 19%

Data security 18% 17% 13%

ESG 16% 14% 18%

Encryption 14% 15% 17%

Data governance 15% 15% 13%

GDPR 10% 17% 18%

Bring your own device (BYOD) 19% 10% 13%

Data loss prevention (DLP) 17% 13% 9%

Data sovereignty 10% 14% 14%

Long-term data retention 15% 11% 15%

Artificial intelligence applications within your organisation 12% 14% 12%

Artificial intelligence applications outside your organisation 12% 12% 12%

Third-party access 11% 13% 10%

PCI DSS 11% 11% 10%

Outdated policies 9% 12% 13%

SECURE REMOTE ACCESS IS STILL DIFFICULT FOR SMALLER

MID-MARKET COMPANIES
Data security, BYOD and DLP are more challenging for smaller mid-market organisations. It’s a common
theme that coalesces around providing secure remote access to corporate data. It suggests smaller
organisations have yet to resolve these challenges. They are likely to be behind their larger competitors
in deploying measures that could assist them, such as zero trust architecture. In addition, larger
companies are more likely to have distributed workforces and, as such, more likely to have mature data
access and BYOD policies.

ESG RESPONSIBILITIES FOR COMPANIES WITH OVER 500 EMPLOYEES

ESG is higher up the compliance agenda for mid-market companies with over 500 employees. This
could be because the Companies Act stipulates these organisations must supply ESG reporting and
sustainability details, such as energy use and carbon emissions, as part of their annual reports. At
the time of writing, many other ESG components remain optional but could still be addressed by
organisations as a means of futureproofing, enhancing their reputation and differentiating their offering.
“Many clients have told us they must
demonstrate ESG compliance within
tenders or contract bids. So, although
there are costs involved in bringing
ESG compliance standards up to the
necessary levels and subsequently
maintaining them, it’s seen as a
pivotal way of securing new business
and maintaining existing customer
relationships.”
NODE4 2024 IT PRIORITIES

PART FOUR

Cyber Security
and Resilience
in the Mid-
Market Cyber Security
Priorities for 2024

What are your top cyber security priorities for 2024?

(select up to three)

Dealing with the AI-related threats 33%

Improving threat intelligence 33%
Strengthening cyber security resilience & reducing likelihood
31%
of security breaches

Strengthening cyber security governance 28%

Protecting your organisation’s brand reputation 26%

Training and education of users around cyber threats 26%

Lowering insurance premiums 25%

A picture of a more mature and proactive cyber security posture across the mid-market is
emerging — not least because of the high priority placed on improving threat intelligence
and dealing with AI-related threats. The high importance of threat intelligence improvements
compared with more basic concerns such as protecting brand reputation lends weight to this
argument.

MID-MARKET REPORT 20
What are your top cyber security priorities for 2024?
(by sector)

Comparing the top priority for each

vertical sector indicates the relative
maturity of cyber security policies in
Private
each market, and the ability to cope healthcare
with potential threats.
Improving threat
(43%) intelligence

Finance Retail
Improving threat Strengthening cyber
(33%) intelligence (38%) security/reducing
breaches

Insurance Transport
Dealing with Strengthening cyber
(40%) AI-related (33%) security/reducing
threats breaches
NODE4 2024 IT PRIORITIES

The mid-market’s top ten cyber security threats for 2024

Threat Percentage

1. Insider threat 31%

2 . AI-related 30%

3 . Ransomware 30%

4 . Deep fake 30%

5 . Malware 26%

6 . DoS attack 23%

7 . Supply chain attack 16%

8 . Phishing 16%

9 . Zero day 7%

10 . Scams and fraud 3%

According to IT decision-makers, insider threat is this year’s top mid-market cyber security
threat. This trend may be attributed to an elevated number of job transitions and redundancies
observed over the past 12 months, coupled with the growing reliance on contractors to
address skill gaps. It’s worth noting that last year, lack of skills was one of their top ten barriers
to IT investment — rising year-on-year from 16% in 2021. It could also be linked to long-term
security-related worries, flexible working and the increased potential for cyber attacks on a
distributed workforce.

Drilling down into the data, finance (33%) and private healthcare (33%) respondents said
insider threat was their top cyber security risk. IT decision-makers from the insurance sector
told us they thought it was ransomware (39%), while those in the retail sector stated it was
DoS attacks (36%). Respondents from the transport sector said they thought AI-related threats
were the most serious for them this year (33%).

MID-MARKET REPORT 22
NODE4 2024 IT PRIORITIES

How are mid-market

organisations tackling
cyber security threats?
Which of these cyber security offerings do you currently
have in place?
Cyber security offering Percentage

Cyber insurance 45%

Dark web intelligence 41%

Incident response 40%

Ransomware negotiation capability 35%

We have no cyber security offerings in place >1%

Although cyber insurance is the most popular option (45%), we thought it would have
been even more popular amongst IT decision-makers. It’s possible that soaring premiums
and stricter acceptance criteria have pushed the barriers for entry beyond mid-market
organisations, forcing them to redouble their efforts on pre-crime and preventative measures
such as dark web intelligence. This could also explain the relatively high take-up of incident
response (40%) and ransomware negotiation capabilities (35%) as damage limitation options.

MID-MARKET REPORT 23
Which of these cyber security offerings do you currently
have in place? (by company size)

Objective 100–249 250-499 500-1000

employees employees employees

Incident response 41% 39% 42%

Dark web intelligence 44% 38% 40%

Cyber insurance 46% 43% 43%

Ransomware negotiation capability 30% 35% 40%

We might have expected the smallest mid-sector companies to have relatively lower cyber security
adoption levels, implementing only the most basic cyber threat strategies. But the fact that numbers
don’t vary much and are largely around 40% implies that cyber security offering uptake has less to do
with the size of an organisation and more to do with the sector in which it operates — as illustrated in
the following charts.

Indeed, if anything, smaller organisations have slightly higher adoption rates of dark web intelligence
and cyber insurance. This, in turn, could indicate that they are potentially more agile and responsive
to cyber threats than larger mid-market organisations. Or they might be taking their lead from their
managed service provider. Just 8% of mid-market organisations with 100 - 249 employees manage
cyber security in-house with internal staff, while the majority (42%) co-manage cyber security with their
MSP.

Which of these cyber security offerings do you currently

have in place? (by sector)

Finance Private healthcare Insurance

Incident response 36% Incident response 30% Incident response 38%
Dark web intelligence 47% Dark web intelligence 38% Dark web intelligence 45%
Cyber insurance 42% Cyber insurance 52% Cyber insurance 53%
Ransomware negotiation 25% Ransomware negotiation 34% Ransomware negotiation 35%
None in place 1% None in place 0% None in place 0%

Retail Transport
Incident response 44% Incident response 53%
Dark web intelligence 31% Dark web intelligence 42%
Cyber insurance 42% Cyber insurance 33%
Ransomware negotiation 38% Ransomware negotiation 43%
None in place 0% None in place 0%
Assessing cyber
security confidence
across the mid-market
How confident are you in your organisation’s ability to
prevent and respond to cyber attacks?

Not confident at all — 3%

Very confident — 27%

Not very confident — 14%

Somewhat confident — 56%

Private
Finance healthcare Insurance Retail Transport

88% 89% 81% 77% 81%

Private healthcare companies are the most confident (89%), while retail organisations are the least
confident.

We were surprised by these high confidence levels, but it does tie in with our earlier discussion about the
mid-market’s increasingly mature cyber security posture.

It’s possible to infer that the somewhat confident response from more than half of respondents means
they have a fairly well designed and tested cyber attack response playbook. For example, we know
clients have invested in incident response, which could be giving them a confidence boost. However, the
27% of respondents who said they’re very confident could have successfully defended or mitigated a
cyber attack. They might also be very thorough with their incident response testing and security posture.

For further context, it’s important to note that these findings are set against a backdrop of increased
cybercriminal activity that’s directed at mid-market organisations. The UK Government’s Cyber Security
Breaches Survey 2023 reports that 32% of businesses recall breaches or attacks from the last 12
months. This is much higher for medium businesses (59%).

Although attacks are on the increase, it’s our feeling that mid-market companies are actually detecting
fewer attacks. This could suggest they’ve taken their eye off the ball – or could it be symptomatic of
growing reliance on third-party cyber security protection solutions? Perhaps, more worryingly, their
confidence is simply misplaced.
What’s stopping mid-market
companies from implementing
effective cyber security
measures?
What are your organisation’s main challenges or barriers
in implementing effective cyber security measures?
(select up to three)
Barrier to implementation Percentage

Awareness 28%

Suitable products/services offered by your primary tech vendor 27%

Suitable services on offer from your cloud provider 26%

In-house skills 25%

Understanding surrounding AI-related security threats 24%

Budget 23%

Resources 22%

Senior management support 20%

Suitable services on offer from your MSP 20%

NOT MY PROBLEM?
Over a quarter of respondents (26%) said their main challenge or barrier to implementing
effective cyber security measures was the lack of suitable cloud provider services. A similar
number (27%) said it was because their primary tech vendor didn’t offer the appropriate
products or services.

This could suggest IT decision-makers want key suppliers like MSPs and cloud providers to
manage cyber security for them — and might be linked to a lack of available IT skills, both
within their organisation and across the IT security market as a whole. After all, a quarter said
they lacked the necessary in-house skills to implement effective cyber security themselves.

IS THIS REFLECTED IN HOW RESPONDENTS MANAGE THEIR CYBER SECURITY NEEDS?

Just 14% of mid-market IT decision-makers manage their cyber security needs with
internal staff, while 35% outsource to managed service providers. Meanwhile, 42% rely on
a combination of in-house resources and their MSP. This could also be indicative of cloud
adoption levels and continued use of on-premises infrastructure by mid-market companies. In
these instances, cloud providers would not be in a position to provide cyber security support.
NODE4 2024 IT PRIORITIES

PART FIVE

Data Strategy
and Digital
Transformation
Data strategy priorities
What are your data strategy priorities for the next 12
months? (select all that apply)

Barrier to implementation Percentage

Performance of the existing data environment 37%

Data systems migration 37%

Building or expanding data warehouse or data lake environments 34%

Availability of the existing data environment 33%

Data systems modernisation 32%

Building or expanding data analytics for improved business intelligence 31%

MID-MARKET REPORT 28
NODE4 2024 IT PRIORITIES

Performance of the existing data environment and migration of data systems (both 37%) are
the joint top data strategy priorities for mid-market IT decision-makers this year. The former is
the most important objective for CTOs (40%), and the latter is the most important for Heads of
IT (42%).

The fact that mid-market IT decision-makers want to build or expand data warehouse or
data lake environments indicates their wish to centralise data and improve analytic and
insight capabilities. This should speed up and focus product and solution development — and
reaffirms the importance of getting the foundations in place to ensure data is accessible and
performant.

These results could also suggest that the groundwork is being prepared for AI adoption — with
a focus on data migration and expanding centralised data storage, improving data availability
and data analytics. The degree to which mid-market companies succeed with their AI strategy
will depend on the effectiveness with which they can leverage their data across IT applications
and infrastructure.

This reflects our experience in the field; many clients don’t currently implement business
analytics and still have islands of data stored across multiple spreadsheets and disparate
IT infrastructure. These clients are looking to take a first step with a trusted IT provider and
implement Microsoft Power BI or similar solutions.

MID-MARKET REPORT 29
NODE4 2024 IT PRIORITIES

Drivers for digital

transformation
What factors are motivating your digital transformation
efforts? (select all that apply)
Digital transformation driver Percentage

Responding to industry disruption 30%

Improving environmental sustainability and social impact 26%

Increasing employee engagement and productivity 25%

Streamlining internal processes 24%

Entering new markets or business models 24%

Leveraging new technologies and innovations 24%

Reducing costs and increasing profitability 23%

Enhancing data security and compliance 22%

Meeting evolving customer expectations 19%

Thinking back to the shrinking year-on-year IT budgets reported by respondents, it’s

unsurprising that the desire to respond to industry disruption is this year’s top digital
transformation driver. There could also be a connection between public cloud (predominately
40%) usage levels and the importance placed on responding to industry disruption, as we
know it is quicker to stand up more advanced, potentially transformative services in the public
cloud.

In addition, we’re starting to see an emerging picture of strong ESG, sustainability and social
impact policy adherence as a means to improve — and often a prerequisite for — revenue
generation and business growth. But to implement ESG successfully, businesses need to
analyse their data to see where their ESG strengths are and where they need to invest more
effort.

It’s also worth making the point here that mid-sector companies have increasingly disparate
workforces, often as a result of cost-cutting-led outsourcing and offshoring initiatives. Perhaps
these factors have resulted in a more disengaged, less productive workforce? If so, IT decision-
makers may hope digital transformation can play a part in reengaging staff and boosting
productivity.

MID-MARKET REPORT 30
NODE4 2024 IT PRIORITIES

What factors are motivating your digital transformation

efforts? (by sector)
Private
Digital transformation driver Finance Healthcare Insurance Retail Transport

Meeting evolving customer expectations 20% 23% 18% 16% 20%

Streamlining internal processes 20% 23% 33% 17% 28%
Entering new markets or business models 17% 23% 24% 28% 27%
Responding to industry disruption 29% 30% 29% 29% 32%
Reducing costs and increasing profitability 15% 23% 31% 20% 27%
Enhancing data security and compliance 22% 21% 24% 20% 22%
Leveraging new technologies and innovations 19% 22% 23% 26% 29%
Improving environmental sustainability and social impact 28% 28% 28% 25% 21%
Increasing employee engagement and productivity 26% 32% 21% 31% 16%

MID-MARKET REPORT 31
PART SIX

Artificial
Intelligence
and the Mid-
Market
How well do IT decision-makers understand AI right now?
Over the last 12 months, the rapid rise and continued development of artificial intelligence have
rarely been out of the headlines — and the race is on for organisations across all sectors to
harness the technology for growth and market leadership. And, as the following charts show,
IT decision-makers in the mid-market appear well-placed to take advantage.

How would you rate your current understanding of AI as it

relates to:
General use in a business setting? Specific use by your organisation?

Poor — 6% Poor — 5%
Excellent — 25% Excellent — 28%
Average — 28% Average — 24%

Good — 41% Good — 44%

Specific use by organisations in your sector?

Poor — 6%
Excellent — 23%
Average — 30%

Good — 41%
Despite this, just 18% of IT decision-makers said getting to grips with artificial intelligence was
one of their most important IT objectives for 2024.

This illustrates our experience with mid-market organisations, who tell us that, in most cases,
AI adoption is on the radar, but there are more immediate and pressing day-to-day demands
on IT resources.

Perhaps this also links back to our findings in the previous section, where we hypothesised
mid-market organisations might be busy right now laying the necessary data foundations for
successful AI implementation.

What worries IT
decision-makers
about AI use in their
organisation?
What, if any, are your main concerns about using AI in your
organisation? (select up to three)
Concerns Percentage

It could replace existing jobs 29%

It could expose us to new cyber security risks 28%

Legal or regulatory uncertainty 28%

There could be ethical implications surrounding its use 25%

A lack of transparency in how decisions are reached 25%

It could accidentally reveal sensitive information held within our organisation 25%

It could produce inaccurate results 24%

Potential bias and discrimination risks 22%

JOB LOSSES ARE #1 AI FEAR

Close to 30% of respondents told us they are concerned that AI deployment could replace
existing jobs. This is curious as, given budgetary pressures, you might imagine that IT decision-
makers would want to adopt technology that would allow them to do more with less and
improve the efficiency of existing resources — particularly if there are skill shortages or a freeze
on hiring. Unless, of course, they’re worried about their own jobs?
NODE4 2024 IT PRIORITIES

What, if any, are your main concerns about using AI in your

organisation? (by sector)
Private
Concerns Finance Healthcare Insurance Retail Transport

It could expose us to new cyber security risks 25% 28% 20% 34% 33%
Legal or regulatory uncertainty 23% 27% 40% 21% 29%
There could be ethical implications surrounding its use 21% 23% 27% 27% 28%
It could produce inaccurate results 20% 24% 32% 27% 20%
A lack of transparency in how decisions are reached 21% 23% 24% 30% 28%

It could accidentally reveal sensitive information held

20% 24% 35% 27% 18%
within our organisation

It could replace existing jobs 36% 27% 27% 29% 25%

Potential bias and discrimination risks 18% 20% 28% 21% 25%

Do you have policies in place right now to mitigate against

these concerns?

No — 49%
Yes — 51% No, but we plan to introduce some
in the next 12 months — 41%

No, and we don’t plan to introduce

any in the next 12 months — 8%

MID-MARKET REPORT 34
Mid-market barriers to
AI adoption
Security concerns
Respondents told us that a lack of security and data quality are the two biggest barriers to AI
adoption. This ties in with earlier concerns, where over a quarter of IT decision-makers think AI
could expose their organisation to new cyber security risks.

These fears are consistent with findings elsewhere in the report, where respondents said
that dealing with AI-related threats was their joint top cyber security investment priority for
the next 12 months. Respondents also identified AI-related security threats as the second
biggest cyber security threat in the next 12 months. Furthermore, almost a quarter said that
a lack of understanding of AI-related security threats was their main challenge or barrier to
implementing effective security measures.

What’s stopping your organisation from adopting AI?

(select all that apply)
Barrier to AI adoption Percentage

Lack of security 24%

Data quality 24%

Data availability 23%

Lack of transparency 22%

Budget 22%

Resources 22%

Legal or regulatory certainty 21%

Expertise 20%

Organisational buy-in 20%

Skills 19%

ARE RESPONDENTS CORRECTLY REPRESENTING THEIR OWN AI KNOWLEDGE?

We think so. Singling out data quality (24%) and data availability (23%) as top AI adoption
barriers suggests a high level of AI understanding — and could be one reason that these
projects are on the backburner for the next 12 months.

It’s also interesting to note that lack of skills is the least mentioned barrier to AI adoption. A
group of less knowledgeable respondents might have been more likely to focus on this aspect
alongside expertise and business buy-in as principal AI adoption barriers.
How do you intend to address these challenges? (select all
that apply)
We’ve broken out the data to show how IT decision-makers plan to deal with their top three AI adoption
challenges.

Data quality Percentage

Cloud provider support 57%

MSP support 35%

Retained consultants 32%

In-house hires 29%

Other 10%

Security Percentage

Cloud provider support 50%

Retained consultants 40%

MSP support 34%

In-house hires 34%

Other 10%

Data availability Percentage

Cloud provider support 50%

MSP support 42%

Retained consultants 36%

In-house hires 28%

Other 9%

Looking at responses across the board, the majority of respondents said they would deal with all AI
adoption challenges through cloud provider support. The only exception to that was resources, which
they said they would solve with MSP support.

Furthermore, in every case apart from expertise (and then only by less than 1%), mid-market IT
decision-makers said they want a third-party solution to solve all their AI-related challenges rather than
considering in-house hires. This might, once again, allude to the lack of available IT skills highlighted in
this and previous editions of the report.

Alternatively, perhaps mid-market companies are looking for managed AI solutions that they can source
from a cloud provider or MSP but run themselves on a day-to-day basis. This, in turn, would tie back to
the high levels of public cloud consumption seen earlier in the report — with the mid-sector using public
cloud for these transformational data and advanced security services.
NODE4 2024 IT PRIORITIES

PART SEVEN

Sustainability
and ESG
Technology
Initiatives
When it comes to pursuing their IT strategies, mid-market
IT decision-makers consider ESG reporting to be:

Unhelpful — 16%
Helpful — 28%

A distraction — 17%

Irrelevant — 18%
Useful — 22%
N/A My organisation doesn’t have an
ESG policy — >1%

A POSITIVE VIEW OF ESG

This overall positive response suggests that ESG reporting is helping IT leaders when it comes
to their wider strategy — particularly in terms of understanding key data points around
emissions usage and other sustainability initiatives. This also ties back to the fact that 26% of
respondents said the desire to improve environmental sustainability and social impact was a
key digital transformation driver. In addition, close to a quarter (22%) of respondents said that
aligning IT strategy with wider corporate ESG goals is one of their top three objectives for 2024
— and the very top IT objective for retail and transport sector companies.

MID-MARKET REPORT 38
NODE4 2024 IT PRIORITIES

What are the main benefits your organisation expects to

gain from adopting sustainable practices and/or following
ESG principles? (select up to three)

ESG benefit Percentage

Customer loyalty 27%

Competitive advantage 26%

Innovation and growth 26%

Improved reputation 25%

Efficiency gains 25%

Customer satisfaction 23%

Improved regulatory compliance 23%

Employee engagement 22%

Cost savings 22%

Over the last 12 months, many clients have told us they must demonstrate ESG compliance
within tenders or contract bids. So, although there are costs involved in bringing ESG
compliance standards up to the necessary levels and subsequently maintaining them, it’s seen
as a pivotal way of securing new business and maintaining existing customer relationships.
This experience in the field, alongside data from our respondents, suggests that IT decision-
makers and the businesses they work for see ESG as an integral part of long-term success and
profitability.

MID-MARKET REPORT 39
NODE4 2024 IT PRIORITIES

Do your IT team’s current ESG-related policies contribute in

a positive way to any of the above? If so, which?

No
Don’t ESG
Yes No Know Policy

Cost savings 42% 27% 26% 5%

Efficiency gains 42% 30% 23% 6%
Competitive advantage 41% 36% 21% 2%
Customer satisfaction 38% 42% 16% 4%
Customer loyalty 49% 31% 17% 3%
Improved regulatory compliance 35% 38% 25% 3%
Improved reputation 43% 35% 20% 1%
Employee engagement 39% 35% 22% 4%
Innovation and growth 55% 26% 16% 3%

With the exception of customer satisfaction and improved regulatory compliance, respondents
said their ESG-related policies contribute in a positive way to wider corporate goals. To us, the
standout response was innovation and growth (55%).

This highlights the importance of ESG as a catalyst for growth across the mid-market — which
we know is a core driver for 2024. Likewise, adopting ESG initiatives as a means for cost
saving, reputational improvement and customer loyalty all suggest it’s being seen as a critical
strategic priority.

MID-MARKET IT DECISION-MAKERS EXPECT THE SAME HIGH ESG STANDARDS

FROM THEIR IT SUPPLIERS AND PARTNERS

Mid-market IT decision-makers think adherence to ESG principles will deliver customer loyalty
and competitive advantage. They are certainly practising what they preach: alongside analyst
reports, respondents said that ESG reports would be the most important source of information
for selecting potential IT suppliers over the next 12 months, and almost a quarter (24%) are
likely to use published ESG reports in their selection processes. In addition, they told us that
strong ESG credentials are more important than service ecosystems, support services and
solution maturity when deciding to invest in a new IT supplier.

MID-MARKET REPORT 40
Conclusions
The data we’ve gathered over the last three years shows mid-market IT budgets are tighter
than ever. And, although they have fewer financial resources, IT decision-makers are all too
aware of the pivotal role they must play in helping their organisation thrive. As such, digital
transformation efforts are focused on a desire for growth within increasingly disrupted markets
and the need to increase employee engagement and productivity.

Respondents are also keenly aware of the need to do more with less, citing managing costs
as a central IT objective. AI has the potential to help in this regard. But as we’ve seen, mid-
market IT decision-makers generally view this as a lower priority for the next 12 months —
even worrying that the technology could lead to job losses. This could be an indication of the
vulnerability they feel in the face of budget cuts and tougher market conditions.

AI’s lower priority in the short term could be due to the large amount of preparatory work that
needs to be carried out around data quality and availability — and a feeling that, right now,
AI is very much a cost centre rather than a revenue generator. This may also explain why
mid-market companies will ultimately turn to cloud providers and MSPs for a faster and more
efficient way to realise their AI-related ambitions.

Unlike AI, mid-market IT decision-makers see ESG as an immediate way to stimulate growth,
gain competitive advantage and innovate — and are keen to align their IT strategies with
wider corporate ESG goals. Their responses to all our ESG-related questions, both in the
dedicated section and throughout the rest of the report, show that their commitment to its
principles goes far beyond superficial lip service and the basic required reporting commitments
— and that it’s woven into the fabric of their IT strategies. It’s also a key driver for digital
transformation.

We’ve also seen tentative levels of confidence emerge around cyber security, with over half of
respondents stating that they’re somewhat confident in their ability to prevent and respond
to incidents. This suggests a growing reliance on third-party and managed cyber security
solutions. Clearly, some mid-sector organisations have settled into established long-term
relationships with third-party cyber security solutions providers — giving them confidence in
their security posture despite lower budgets, fewer resources and in-house skills.

However, around a quarter of respondents stated that a lack of suitable services from cloud
providers, primary tech partners and MSPs was their principal barrier to effective cyber
security implementation. This suggests not every mid-market organisation has found its ideal
cyber security solutions provider. What’s obvious, however, is that the mid-market has become
increasingly reliant on third-party support to do the heavy lifting for its cyber security strategy
implementation.

Across each of the areas covered in this report, trusted IT partners, including MSPs and
cloud vendors, continue to provide the backbone of support to most mid-market companies,
particularly when it comes to ensuring data availability and data quality. As such, choosing the
right IT partner at the outset of any project and before embarking on a digital transformation
journey will be critical. Indeed, it will be a key factor in helping IT decision-makers achieve their
IT objectives while battling with tighter IT budgets, fewer skilled in-house IT team members
and increasingly distributed workforces.
Methodology
The Mid-Market IT Priorities Report 2024 is based on a survey conducted independently and
exclusively for Node4 by Censuswide. It reveals the views of 503 IT decision-makers across the
private healthcare, transport, retail, finance and insurance sectors. The survey was conducted
amongst Heads of IT, IT Directors, CIOs, CTOs and IT Managers in companies with 100-
1,000 employees, with an equal split for each job title across each sector. This year’s report
also references data from the Mid-Market IT Priorities Report 2021/2022 and the Mid-Market
IT Priorities Report 2022/2023. These reports surveyed 459 and 300 IT decision-makers
respectively — both covering the insurance, transport and logistics, healthcare and online retail
sectors.
Want to talk about the
Mid-Market Report?
To speak to us about the priorities
and challenges revealed in the
report, and how they impact your CONTACT US
business, please get in touch today.
Node4 Ltd Registered in England No. 04759927
VAT: 192 2491 01 Registered Address:
Millennium Way, Pride Park, Derby DE24 8HZ
T: 0345 123 2222 E: info@[Link]
[Link]