2025 SMB Threat Landscape Report

Wi-Fi or network disruptions (52%) were the most common cyber disruptions faced by SMBs in the past 12 months.

SMBs are twice as likely to be unaware they’ve been breached by more sophisticated attacks, like a deepfake, compared with more common threats like network downtime.

16% of SMBs never back up their data.

Phishing texts and emails (48%) were a common cyber disruption faced by SMBs in the past 12 months.

49% of SMBs believe AI will be most useful in offering real-time threat response recommendations.

50% of SMB tech stacks include antivirus software.

32% of SMBs lack the budget to hire more cyber staff.

24% of SMBs were targeted by malware in the past 12 months.

55% of SMBs believe AI will be most useful in identifying threats before they impact business operations.

A successful cyberattack would force nearly 1 in 5 SMBs to close.

49% of SMBs believe AI will be most useful in flagging phishing emails and texts.

23% of SMBs use easily hackable passwords with a pet’s name, a series of numbers, or a family member’s name.

For nearly a third of SMBs, a cyberattack with minimal financial impact – less than $10,000 – would cause them to shut down.

The risk of business downtime (55%) from cyberattacks is a concern for SMB owners.

22% of SMBs have deployed dark web monitoring.

19% of SMBs experienced deepfake attacks in the past 12 months.

Over half of SMB owners (52%) see cybersecurity as a revenue booster

Fake social media accounts or website domains (32%) were a common cyber disruption faced by SMBs in the past 12 months.

18% of SMBs have deployed penetration testing.

14% of SMBs experienced ransomware attacks in the past 12 months.

47% of SMB tech stacks include network scanning.

19% of SMBs experienced denial of service attacks in the past 12 months.

60% of SMBs recognise they’re the most likely target for cybercriminals.

74% of SMBs are self-managing cybersecurity or relying on untrained family members or friends.

33% of SMBs have outdated cyber technology.

14% of SMBs don’t require multi-factor authentication.

Cybersecurity (48%) has emerged as the second highest business concern for SMBs.

29% of SMBs have deployed endpoint security.

Loss of customers (36%) from cyberattacks is a concern for SMB owners.

80% of SMBs recognise they have cyber vulnerabilities.

Only 15% of SMBs hired an internal IT person or outsourced to a Managed Security Service Provider (MSSP).

44% of SMB tech stacks include firewalls.

20% of SMBs have no access to cyber technology at all.

Lower sales (22%) from cyberattacks is a concern for SMB owners.

65% of SMBs report cybersecurity as the #1 business function that could be managed more effectively with artificial intelligence (AI).