SMBs
We've curated 78 cybersecurity statistics about SMBs to help you understand how small and medium-sized businesses are tackling evolving threats and implementing new technologies to protect their valuable data in 2025.
Showing 41-60 of 78 results
41% of SMB owners and cyber leaders prioritized employee training on non-security topics like customer service or sales over new cybersecurity investments in the past year.
10% of small to mid-size organizations disagree with the statement “We have observed a significant increase in sophisticated, AI-driven social engineering attacks targeting our employees in the past 12 months.”
32% of SMBs perform penetration testing.
46% of SMBs saw AI-generated phishing in the past 12 months.
41% of SMBs have endpoint protection.
In one-third (33%) of cases, the SMB business owner personally handles alerts and incident resolution.
16% of SMBs allocate less than $50 per user on security annually.
43% of SMBs report they experienced a cyberattack in the past 5 years.
58% of SMBs use network firewalls.
52% of SMBs employ email/spam filters.
17% of SMBs significantly increased their cybersecurity spend.
27% of SMBs said they were targeted in the past 12 months.
64% of SMB owners reportedly recovered quickly from a cyber attack.
Half of SMBs reported increasing their cybersecurity budgets.
80% of SMBs with a formal incident response plan in place were able to avoid major damage during an attack.
31% of SMB owners don't know exactly how much they spend on cybersecurity.
Only 34% of SMB owners have a formal incident response or continuity plan developed with a cybersecurity professional.
13% of SMBs rely on untrained employees to handle alerts.
45% of SMBs cite employee negligence as their biggest cybersecurity concern, particularly acute in the education sector.
27% of SMBs lack cyber insurance.