.svg){kind=icon}
New Data Shows 80% of SMBs Recognize Their Cyber Vulnerabilities, but Significant Resource Constraints Keep Them at Risk
Chicago, IL and Dublin, Ireland – March 25, 2025 – VikingCloud, the leading predict-to-prevent cybersecurity and compliance company, today released new research revealing that a successful cyberattack would force nearly 1 in 5 small- and medium-sized businesses (SMBs) to close their doors. For nearly a third of SMBs, a cyberattack with minimal financial impact—less than $10,000—would cause them to shut down.
As a result, cybersecurity (48%) has emerged as the second highest business concern for SMBs, with inflation/rising costs (67%) at the top, and recession/reduced consumer spending (46%) also a significant issue.
The data – gathered from a quantitative survey of SMB owners across North America - shows a growing awareness of the dangers of cyberattacks. 60% of SMBs recognize they’re the most likely target for cybercriminals. Yet, there are concerning gaps in their cyber defenses, such as self-managing cybersecurity or relying on untrained family members or friends (74%), having outdated cyber technology (33%), or no access to technology at all (20%).
“SMBs are not always cyber aware. It makes them the lowest hanging fruit for cybercriminals to get a quick pay day,” said Kevin Pierce, Chief Product Officer at VikingCloud. “Today, SMB owners recognize how important cybersecurity is, but they’re still stretched too thin and lack the resources to develop an effective cyber program. Our latest research shows that cybersecurity is business critical for SMBs – and a key driver in keeping their doors open or shut for good.”
VikingCloud’s research – The 2025 SMB Threat Landscape Report: Small and Medium Businesses, Big Cybersecurity Risks – also uncovered:
- Simple mistakes increase SMB vulnerabilities: 80% recognize they have cyber vulnerabilities, and yet they use easily hackable passwords with a pet’s name, a series of numbers, or a family member’s name (23%), never back up their data (16%), and don’t require multi-factor authentication (14%).
- Resource constraints impact security: SMB tech stacks include the basics like antivirus software (50%), network scanning (47%), and firewalls (44%). But few are equipped for modern threats and haven’t deployed endpoint security (29%), dark web monitoring (22%), and penetration testing (18%). In addition, 32% lack the budget to hire more cyber staff, and only 15% hired an internal IT person or outsourced to a Managed Security Service Provider (MSSP).
- Growing hacker sophistication makes attacks harder to detect and stop: Wi-Fi or network disruptions (52%), phishing texts and emails (48%), and fake social media accounts or website domains (32%) were the most common cyber disruptions faced in the past 12 months. SMBs are also a growing target for malware (24%), denial of service (19%), deepfake attacks (19%), and ransomware (14%). SMBs are also twice as likely to be unaware they’ve been breached by more sophisticated attacks, like a deepfake, compared with more common threats like network downtime.
- Financial fallout goes far beyond initial impact: The risk of business downtime (55%), loss of customers (36%), and lower sales (22%) from cyberattacks are keeping SMB owners up at night.
AI as a Lever for Resilience
65% of SMBs report cybersecurity as the #1 business function that could be managed more effectively with artificial intelligence (AI), ranking ahead of sales and marketing (41%), customer service (32%), and human resources (27%). They believe AI will be most useful in identifying threats before they impact business operations (55%), flagging phishing emails and texts (49%), and offering real-time threat response recommendations (49%).
“AI isn’t just another tech tool to help SMBs manage their online defense better – it’s key to faster growth,” said Pierce. “Over half of SMB owners (52%) see cybersecurity as a revenue booster. When they trust their tech solutions have their back, they have the confidence to focus on building their business.”
Click here to download the full report.
VikingCloud's previous cybersecurity research reports are available at the following links:
About VikingCloud
VikingCloud is the leading cybersecurity and PCI compliance company, offering businesses a single, integrated solution to make informed, predictive, and cost-effective risk mitigation decisions – faster. VikingCloud is the one-stop partner trusted by 4+ million businesses in 70+ countries to provide the predictive intelligence and competitive edge they need to stay one step ahead of cybersecurity and compliance disruptions to their business. For more information visit www.vikingcloud.com and follow us at www.linkedin.com/company/vikingcloud/.
Media Contact
Jake Scearbo, Corporate Ink for VikingCloud
508.561.2449 | vikingcloud@corporateink.com
Related Press & News
the changing world of Cybersecurity and PCI Compliance.
