SMBs
We've curated 78 cybersecurity statistics about SMBs to help you understand how small and medium-sized businesses are tackling evolving threats and implementing new technologies to protect their valuable data in 2025.
Showing 1-20 of 78 results
28% of SMB respondents say AI is creating hyper-personalized social engineering attacks.
26% of SMBs experienced ransomware attacks in the past 12 months.
Three in four small- and medium-sized businesses say cyber incidents, including data breaches and ransomware attacks, are most likely to negatively impact their business this year.
40% of SMBs say the removal of the 16-digit primary account number (PAN) from credit and debit cards will significantly or extremely impact the security of business transactions.
47.2% of SMBs say lack of skills is the key hurdle to resolving security vulnerabilities and incidents.
35% of SMB respondents say AI is creating adaptive and evasive malware.
63% of SMBs have antivirus or antimalware tools.
58% of SMBs have firewalls.
42% of SMB owners and cyber leaders prioritized subscriptions to non-essential software over new cybersecurity investments in the past year.
46.4% of SMBs experienced 3+ incidents in the past 12 months.
29% of SMBs encountered deepfake schemes in the past 12 months.
73% of SMBs experienced Wi‑Fi or network disruptions in the past 12 months.
47.2% of SMBs say alert fatigue is the key hurdle to resolving security vulnerabilities and incidents.
53% of cyber leaders report burnout related to cybersecurity responsibilities.
57% of business owners say security demands cause them to delay or miss growth opportunities.
34% of SMBs admit their cybersecurity technology is outdated.
34% of SMBs have vulnerability scanning.
24% of SMB respondents say AI is lowering the barrier to entry for novice criminals.
42% of SMB owners and cyber leaders prioritized employee hiring, raises, and bonuses over new cybersecurity investments in the past year.
42% of SMB respondents say AI cyberattack speed makes traditional human-driven patching and response times effectively obsolete.