More than four-in-ten small businesses in the United States have fallen victim to cyber attacks, underscoring a pressing need for improved cybersecurity measures. A recent survey conducted by cybersecurity platform Guardz highlights that 43% of small and medium-sized businesses (SMBs) have experienced at least one cyber attack in the past five years. Alarmingly, the data shows that the threat landscape is expected to worsen, with over 60% of respondents anticipating increased cyber risks in the coming year.
Despite recognizing the heightened threat, many SMBs are not adequately prepared to defend against future attacks. The survey revealed that 52% of respondents depend on untrained internal staff or business owners themselves to manage critical security functions. Only 34% of SMB owners have developed a formal incident response or continuity plan in collaboration with cybersecurity professionals, and 27% lack cyber insurance altogether. Significantly, one-third of business owners are personally responsible for handling alerts and resolving incidents, while 13% rely on untrained employees for these critical tasks.
“By 2025, SMBs are confronting the reality that cyber threats are no longer distant possibilities, but daily risks with the potential to disrupt or even destroy a business,” said Dor Eisner, CEO and co-founder of Guardz.
Common Threats and Recovery Rates
The survey indicates that phishing, ransomware, and employee errors are among the most common threats facing SMBs. Notably, 45% of respondents identified employee negligence as their primary cybersecurity concern, particularly in sectors such as education. While 43% of SMBs reported experiencing a cyber attack within the past five years, 27%64% of business owners indicated they managed to recover quickly from attacks, demonstrating some improvement in handling these situations. Only 3% reported suffering severe, lasting damage.
Need for Enhanced Security Measures
Despite some positive recovery trends, the Guardz study emphasizes that many small businesses still face significant gaps in their cybersecurity strategies. While 58% of SMBs utilize network firewalls, 52% employ email spam filters, and 41% have endpoint protection, 26% do not conduct regular penetration tests or security assessments. Concerns about outdated technologies are prevalent, with 42% of SMBs expressing unease; healthcare businesses are particularly anxious about this issue.
Financial commitment to cybersecurity is also varied. Half of the surveyed SMBs indicated they have increased their cybersecurity budgets, with 17% reporting significant increases. However, 16% of businesses are spending less than $50 per user annually, and nearly one-third do not know their exact cybersecurity expenditures.
As cyber threats continue to mount, many small businesses are turning to external partners for assistance. Those collaborating with managed service providers (MSPs) cited fears of cyber attacks and a sense of responsibility to customers and stakeholders as primary motivators. The research further revealed that 80% of SMBs with a formal incident response plan were able to mitigate significant damage during an attack.
“This research confirms that businesses increasingly recognize the value of experienced service partners. Those that try to manage risk on their own lack the expertise, resources, and tools needed to stay resilient,” Eisner stated. “The data shows that organizations with strong preparation, grounded in clear processes and trusted partners, are far better positioned to avoid disruption and maintain continuity.”
As small businesses navigate a landscape fraught with cyber risks, the imperative for robust cybersecurity measures has never been more critical.
