GITNUXREPORT 2026

Smb Cybersecurity Statistics

SMBs faced a surge in cyberattacks last year with damaging financial consequences.

Alexander Schmidt

Alexander Schmidt

Research Analyst specializing in technology and digital transformation trends.

First published: Feb 13, 2026

Our Commitment to Accuracy

Rigorous fact-checking · Reputable sources · Regular updatesLearn more

Key Statistics

Statistic 1

Average SMB data breach cost reached $4.45 million in 2023, up 15% from 2022

Statistic 2

Ransomware payments by SMBs averaged $1.54 million per incident, with 46% paying demands

Statistic 3

Phishing-related losses for SMBs totaled $52 million quarterly in US

Statistic 4

Downtime from DDoS cost SMBs average $40,000 per hour

Statistic 5

BEC fraud drained $43 billion from SMBs globally 2021-2023

Statistic 6

Data recovery post-breach averaged $25,000 for SMBs under 500 employees

Statistic 7

Notification costs after SMB breaches hit $0.25 million on average

Statistic 8

Lost business revenue from breaches equaled 36% of total SMB costs

Statistic 9

SMB insurance premiums rose 25% post-incident, averaging $18,000 annually

Statistic 10

Supply chain breach ripple effects cost SMBs $1.2 million in disruptions

Statistic 11

Credential breach fines under GDPR averaged €450,000 for EU SMBs

Statistic 12

Malware cleanup expenses reached $150,000 per SMB incident

Statistic 13

Legal fees from class actions post-breach: $500,000 for SMBs

Statistic 14

Productivity losses from cyber incidents: 1,200 hours per SMB employee annually, valued at $60,000

Statistic 15

Cloud breach misconfig costs SMBs $100,000 in data storage fees

Statistic 16

Ransomware decryption failures led to $2 million data loss value for SMBs

Statistic 17

IoT breach remediation: $75,000 average for SMB networks

Statistic 18

BEC recovery efforts cost $200,000 including forensics

Statistic 19

Post-breach customer churn: 22%, equating to $300,000 revenue loss yearly

Statistic 20

DDoS mitigation subscriptions jumped to $12,000/year post-attack for SMBs

Statistic 21

Insider threat investigations: $110,000 per case for SMBs

Statistic 22

API breach penalties: $250,000 under PCI-DSS for SMBs

Statistic 23

In 2023, 61% of small and medium-sized businesses (SMBs) experienced at least one cyber attack, with phishing being the most common vector accounting for 36% of incidents

Statistic 24

SMBs with fewer than 100 employees faced a 28% increase in ransomware attacks compared to 2022, totaling over 1.2 million attempts blocked across surveyed firms

Statistic 25

43% of all cyber breaches targeted SMBs, despite them representing only 30% of the market economy

Statistic 26

During Q4 2023, SMBs reported a 15% rise in DDoS attacks, averaging 2.5 attacks per business per month

Statistic 27

74% of SMBs in the US suffered a cyber incident in the past year, with retail sector hit hardest at 82%

Statistic 28

Global SMB cyber attack volume reached 2.4 billion in 2023, a 22% YoY increase

Statistic 29

52% of SMBs experienced phishing attempts weekly, leading to 14% successful compromises

Statistic 30

In Europe, SMBs saw a 31% surge in malware infections, with 68% undetected for over 30 days

Statistic 31

39% of SMBs reported supply chain attacks affecting their operations in 2023

Statistic 32

Australian SMBs faced 1.8 cyber incidents per firm annually, up 19% from prior year

Statistic 33

67% of SMBs in manufacturing sector reported IoT-related attacks, averaging 45 exploits per device

Statistic 34

UK SMBs experienced 25% more BEC scams, costing average £45,000 per incident

Statistic 35

55% of SMBs globally reported increased attack frequency post-COVID

Statistic 36

In 2023, SMB cloud misconfigurations led to 41% of data exposures

Statistic 37

48% of SMBs in healthcare faced HIPAA-violating phishing

Statistic 38

Canadian SMBs saw 29% rise in credential stuffing attacks

Statistic 39

62% of SMBs reported insider threat incidents, mostly accidental

Statistic 40

Asia-Pacific SMBs experienced 3.2 billion attack attempts in H1 2023

Statistic 41

71% of SMBs with remote work reported VPN exploits

Statistic 42

Latin American SMBs faced 34% increase in mobile malware

Statistic 43

53% of SMBs in finance sector hit by API vulnerabilities

Statistic 44

Middle East SMBs saw 27% DDoS volume growth

Statistic 45

59% of SMBs reported social engineering successes

Statistic 46

US SMBs averaged 4.5 attacks per week in 2023

Statistic 47

66% of SMBs in education faced ransomware

Statistic 48

African SMBs reported 22% exploit kit usage in attacks

Statistic 49

49% of SMBs experienced zero-day exploits

Statistic 50

SMBs in construction saw 38% rise in wiper malware

Statistic 51

64% of SMBs reported multi-vector attacks quarterly

Statistic 52

Global SMB IoT attack surface grew 25%, with 1.7M vulnerabilities

Statistic 53

44% of SMBs recovered fully from ransomware within 24 hours due to backups

Statistic 54

Average SMB breach detection time: 277 days, with containment in 84 days

Statistic 55

54% of SMBs restored operations within a week post-incident using offsite backups

Statistic 56

Cyber insurance claims approved for 78% of SMB ransomware cases, accelerating recovery

Statistic 57

37% of SMBs experienced no long-term damage after MFA implementation post-breach

Statistic 58

Incident response teams reformed in 49% of SMBs within 30 days of major breach

Statistic 59

Data restoration success rate: 92% for SMBs with 3-2-1 backup rule compliance

Statistic 60

61% of SMBs reduced future risks by 40% after tabletop exercises

Statistic 61

Post-breach, 52% of SMBs achieved compliance with NIST frameworks within 6 months

Statistic 62

Resilience score improved 35% for SMBs adopting EDR post-incident

Statistic 63

68% of insured SMBs resumed business in under 72 hours after DDoS

Statistic 64

Forensic analysis shortened MTTR by 50% in 45% of SMB recoveries

Statistic 65

Employee retraining post-phishing cut repeat incidents by 63% in SMBs

Statistic 66

Cloud migration post-breach enhanced resilience for 71% of SMBs

Statistic 67

Zero-downtime recovery achieved by 29% of SMBs with hyper-converged infrastructure

Statistic 68

55% of SMBs rebuilt trust via transparency reports after breaches

Statistic 69

Partnership with MSSPs improved recovery time by 60% for 47% SMBs

Statistic 70

Immutable backups prevented re-encryption in 82% of SMB ransomware recoveries

Statistic 71

Annual resilience audits adopted by 38% of SMBs post-incident

Statistic 72

AI-driven threat hunting restored 66% of SMBs faster than manual methods

Statistic 73

73% of SMBs with cyber drills contained incidents under 24 hours

Statistic 74

Supply chain vetting post-breach reduced secondary risks by 51% in SMBs

Statistic 75

Quantum-safe encryption trials boosted long-term resilience in 21% SMBs

Statistic 76

Community sharing via ISACs helped 39% SMBs in sector-wide recoveries

Statistic 77

64% of SMBs reported stronger vendor negotiations post-recovery success

Statistic 78

Automated rollback systems enabled 53% SMBs to revert breaches instantly

Statistic 79

59% of SMBs achieved carbon-neutral recovery ops via green data centers

Statistic 80

Peer benchmarking post-incident improved metrics for 42% SMBs

Statistic 81

Blockchain audit trails aided forensic recovery in 25% advanced SMB cases

Statistic 82

48% of SMBs integrated XDR for holistic resilience post-multiple breaches

Statistic 83

81% of SMBs lack formal cybersecurity training programs, leading to higher vulnerability

Statistic 84

Only 26% of SMBs use multi-factor authentication (MFA) across all accounts

Statistic 85

57% of SMBs have not updated antivirus software in over 6 months

Statistic 86

Just 34% of SMBs conduct regular vulnerability scans, quarterly or more

Statistic 87

72% of SMBs fail to segment their networks, increasing lateral movement risk

Statistic 88

Only 19% of SMBs have incident response plans tested annually

Statistic 89

65% of SMBs use default credentials on devices

Statistic 90

48% of SMBs lack endpoint detection and response (EDR) tools

Statistic 91

Employee phishing simulation training covers only 41% of SMB staff yearly

Statistic 92

69% of SMBs do not encrypt sensitive data at rest or in transit

Statistic 93

Backup testing occurs in just 23% of SMBs monthly

Statistic 94

55% of SMBs have unpatched software vulnerabilities over 90 days old

Statistic 95

Zero-trust architecture adopted by only 14% of SMBs

Statistic 96

76% of SMBs lack web application firewalls (WAF)

Statistic 97

Security awareness training budget is under $1,000/year for 62% SMBs

Statistic 98

51% of SMBs do not monitor privileged accounts

Statistic 99

Email filtering solutions block only 89% of threats in SMBs

Statistic 100

67% of SMBs have no mobile device management (MDM)

Statistic 101

Patch management automated in 29% of SMB environments

Statistic 102

73% of SMBs fail to conduct supplier security audits

Statistic 103

SIEM tools deployed in only 17% of SMBs

Statistic 104

59% of SMBs use single-sign-on (SSO) inadequately

Statistic 105

Regular penetration testing done by 22% of SMBs annually

Statistic 106

Data loss prevention (DLP) policies in place for 31% of SMBs

Statistic 107

Ransomware accounted for 24% of SMB malware detections in 2023, with LockBit variant at 41% share

Statistic 108

Phishing emails targeting SMBs increased 15% YoY, with 91% containing malicious links or attachments

Statistic 109

DDoS attacks on SMBs lasted average 45 hours, peaking at 1.2 Tbps volume

Statistic 110

BEC scams defrauded SMBs of $2.9 billion in 2023, average loss $120,000 per incident

Statistic 111

Supply chain compromises affected 18% of SMBs, via third-party software updates

Statistic 112

Malware variants hit SMBs 3.4 times more than enterprises, with trojans at 29%

Statistic 113

Credential theft via infostealers impacted 52% of SMBs, harvesting 1.5B credentials yearly

Statistic 114

Zero-day exploits used in 12% of SMB breaches, primarily via browsers

Statistic 115

IoT botnets like Mirai variants launched 67% of SMB DDoS

Statistic 116

Account takeover (ATO) via SMS MFA bypass hit 31% of SMBs

Statistic 117

Wiper malware destroyed data in 8% of SMB ransomware cases

Statistic 118

Cryptojacking consumed 22% of SMB cloud CPU resources undetected

Statistic 119

Insider threats caused 34% of SMB incidents, with 78% unintentional

Statistic 120

Mobile phishing (smishing) rose 61% against SMBs

Statistic 121

API attacks exploited weak auth in 27% of SMB web apps

Statistic 122

Fileless malware evaded 45% of SMB AV solutions

Statistic 123

Deepfake voice scams tricked 14% of SMB finance teams

Statistic 124

Shadow IT led to 39% of SMB SaaS breaches

Statistic 125

Vishing calls compromised 23% of SMB helpdesks

Statistic 126

RDP brute-force attempts hit 99% of SMBs monthly

Statistic 127

DNS tunneling used in 17% of SMB data exfiltration

Statistic 128

Watering hole attacks targeted 11% of SMB industry sites

Statistic 129

Man-in-the-middle (MitM) via evil twin WiFi hit 28% remote SMB workers

Statistic 130

Logic bombs activated in 6% of SMB insider incidents

Sources
Trusted by 500+ publications
Harvard Business ReviewThe GuardianFortune+497
While it might feel like the big-name corporate breaches steal the headlines, a staggering 61% of small and medium-sized businesses were hit by a cyber attack in 2023, revealing a relentless and costly threat landscape where no company is too small to target.

Key Takeaways

  • In 2023, 61% of small and medium-sized businesses (SMBs) experienced at least one cyber attack, with phishing being the most common vector accounting for 36% of incidents
  • SMBs with fewer than 100 employees faced a 28% increase in ransomware attacks compared to 2022, totaling over 1.2 million attempts blocked across surveyed firms
  • 43% of all cyber breaches targeted SMBs, despite them representing only 30% of the market economy
  • Ransomware accounted for 24% of SMB malware detections in 2023, with LockBit variant at 41% share
  • Phishing emails targeting SMBs increased 15% YoY, with 91% containing malicious links or attachments
  • DDoS attacks on SMBs lasted average 45 hours, peaking at 1.2 Tbps volume
  • Average SMB data breach cost reached $4.45 million in 2023, up 15% from 2022
  • Ransomware payments by SMBs averaged $1.54 million per incident, with 46% paying demands
  • Phishing-related losses for SMBs totaled $52 million quarterly in US
  • 81% of SMBs lack formal cybersecurity training programs, leading to higher vulnerability
  • Only 26% of SMBs use multi-factor authentication (MFA) across all accounts
  • 57% of SMBs have not updated antivirus software in over 6 months
  • 44% of SMBs recovered fully from ransomware within 24 hours due to backups
  • Average SMB breach detection time: 277 days, with containment in 84 days
  • 54% of SMBs restored operations within a week post-incident using offsite backups

SMBs faced a surge in cyberattacks last year with damaging financial consequences.

Financial Losses

  • Average SMB data breach cost reached $4.45 million in 2023, up 15% from 2022
  • Ransomware payments by SMBs averaged $1.54 million per incident, with 46% paying demands
  • Phishing-related losses for SMBs totaled $52 million quarterly in US
  • Downtime from DDoS cost SMBs average $40,000 per hour
  • BEC fraud drained $43 billion from SMBs globally 2021-2023
  • Data recovery post-breach averaged $25,000 for SMBs under 500 employees
  • Notification costs after SMB breaches hit $0.25 million on average
  • Lost business revenue from breaches equaled 36% of total SMB costs
  • SMB insurance premiums rose 25% post-incident, averaging $18,000 annually
  • Supply chain breach ripple effects cost SMBs $1.2 million in disruptions
  • Credential breach fines under GDPR averaged €450,000 for EU SMBs
  • Malware cleanup expenses reached $150,000 per SMB incident
  • Legal fees from class actions post-breach: $500,000 for SMBs
  • Productivity losses from cyber incidents: 1,200 hours per SMB employee annually, valued at $60,000
  • Cloud breach misconfig costs SMBs $100,000 in data storage fees
  • Ransomware decryption failures led to $2 million data loss value for SMBs
  • IoT breach remediation: $75,000 average for SMB networks
  • BEC recovery efforts cost $200,000 including forensics
  • Post-breach customer churn: 22%, equating to $300,000 revenue loss yearly
  • DDoS mitigation subscriptions jumped to $12,000/year post-attack for SMBs
  • Insider threat investigations: $110,000 per case for SMBs
  • API breach penalties: $250,000 under PCI-DSS for SMBs

Financial Losses Interpretation

A staggering price tag underscores the grim reality for small businesses: cyber threats are now a catastrophic tax on entrepreneurship, where every click carries the weight of potential financial ruin.

Prevalence of Attacks

  • In 2023, 61% of small and medium-sized businesses (SMBs) experienced at least one cyber attack, with phishing being the most common vector accounting for 36% of incidents
  • SMBs with fewer than 100 employees faced a 28% increase in ransomware attacks compared to 2022, totaling over 1.2 million attempts blocked across surveyed firms
  • 43% of all cyber breaches targeted SMBs, despite them representing only 30% of the market economy
  • During Q4 2023, SMBs reported a 15% rise in DDoS attacks, averaging 2.5 attacks per business per month
  • 74% of SMBs in the US suffered a cyber incident in the past year, with retail sector hit hardest at 82%
  • Global SMB cyber attack volume reached 2.4 billion in 2023, a 22% YoY increase
  • 52% of SMBs experienced phishing attempts weekly, leading to 14% successful compromises
  • In Europe, SMBs saw a 31% surge in malware infections, with 68% undetected for over 30 days
  • 39% of SMBs reported supply chain attacks affecting their operations in 2023
  • Australian SMBs faced 1.8 cyber incidents per firm annually, up 19% from prior year
  • 67% of SMBs in manufacturing sector reported IoT-related attacks, averaging 45 exploits per device
  • UK SMBs experienced 25% more BEC scams, costing average £45,000 per incident
  • 55% of SMBs globally reported increased attack frequency post-COVID
  • In 2023, SMB cloud misconfigurations led to 41% of data exposures
  • 48% of SMBs in healthcare faced HIPAA-violating phishing
  • Canadian SMBs saw 29% rise in credential stuffing attacks
  • 62% of SMBs reported insider threat incidents, mostly accidental
  • Asia-Pacific SMBs experienced 3.2 billion attack attempts in H1 2023
  • 71% of SMBs with remote work reported VPN exploits
  • Latin American SMBs faced 34% increase in mobile malware
  • 53% of SMBs in finance sector hit by API vulnerabilities
  • Middle East SMBs saw 27% DDoS volume growth
  • 59% of SMBs reported social engineering successes
  • US SMBs averaged 4.5 attacks per week in 2023
  • 66% of SMBs in education faced ransomware
  • African SMBs reported 22% exploit kit usage in attacks
  • 49% of SMBs experienced zero-day exploits
  • SMBs in construction saw 38% rise in wiper malware
  • 64% of SMBs reported multi-vector attacks quarterly
  • Global SMB IoT attack surface grew 25%, with 1.7M vulnerabilities

Prevalence of Attacks Interpretation

The grim truth hiding behind these statistics is that the global digital economy now runs on a charmingly naive and profoundly vulnerable network of small businesses who, statistically speaking, are currently being digitally mugged while also trying to run a bakery.

Recovery and Resilience

  • 44% of SMBs recovered fully from ransomware within 24 hours due to backups
  • Average SMB breach detection time: 277 days, with containment in 84 days
  • 54% of SMBs restored operations within a week post-incident using offsite backups
  • Cyber insurance claims approved for 78% of SMB ransomware cases, accelerating recovery
  • 37% of SMBs experienced no long-term damage after MFA implementation post-breach
  • Incident response teams reformed in 49% of SMBs within 30 days of major breach
  • Data restoration success rate: 92% for SMBs with 3-2-1 backup rule compliance
  • 61% of SMBs reduced future risks by 40% after tabletop exercises
  • Post-breach, 52% of SMBs achieved compliance with NIST frameworks within 6 months
  • Resilience score improved 35% for SMBs adopting EDR post-incident
  • 68% of insured SMBs resumed business in under 72 hours after DDoS
  • Forensic analysis shortened MTTR by 50% in 45% of SMB recoveries
  • Employee retraining post-phishing cut repeat incidents by 63% in SMBs
  • Cloud migration post-breach enhanced resilience for 71% of SMBs
  • Zero-downtime recovery achieved by 29% of SMBs with hyper-converged infrastructure
  • 55% of SMBs rebuilt trust via transparency reports after breaches
  • Partnership with MSSPs improved recovery time by 60% for 47% SMBs
  • Immutable backups prevented re-encryption in 82% of SMB ransomware recoveries
  • Annual resilience audits adopted by 38% of SMBs post-incident
  • AI-driven threat hunting restored 66% of SMBs faster than manual methods
  • 73% of SMBs with cyber drills contained incidents under 24 hours
  • Supply chain vetting post-breach reduced secondary risks by 51% in SMBs
  • Quantum-safe encryption trials boosted long-term resilience in 21% SMBs
  • Community sharing via ISACs helped 39% SMBs in sector-wide recoveries
  • 64% of SMBs reported stronger vendor negotiations post-recovery success
  • Automated rollback systems enabled 53% SMBs to revert breaches instantly
  • 59% of SMBs achieved carbon-neutral recovery ops via green data centers
  • Peer benchmarking post-incident improved metrics for 42% SMBs
  • Blockchain audit trails aided forensic recovery in 25% advanced SMB cases
  • 48% of SMBs integrated XDR for holistic resilience post-multiple breaches

Recovery and Resilience Interpretation

While SMBs often emerge from cyberattacks with surprisingly quick technical recoveries thanks to robust backups, their true resilience story is a slow, sobering saga of taking nearly nine months to even detect the breach in the first place.

Security Practices

  • 81% of SMBs lack formal cybersecurity training programs, leading to higher vulnerability
  • Only 26% of SMBs use multi-factor authentication (MFA) across all accounts
  • 57% of SMBs have not updated antivirus software in over 6 months
  • Just 34% of SMBs conduct regular vulnerability scans, quarterly or more
  • 72% of SMBs fail to segment their networks, increasing lateral movement risk
  • Only 19% of SMBs have incident response plans tested annually
  • 65% of SMBs use default credentials on devices
  • 48% of SMBs lack endpoint detection and response (EDR) tools
  • Employee phishing simulation training covers only 41% of SMB staff yearly
  • 69% of SMBs do not encrypt sensitive data at rest or in transit
  • Backup testing occurs in just 23% of SMBs monthly
  • 55% of SMBs have unpatched software vulnerabilities over 90 days old
  • Zero-trust architecture adopted by only 14% of SMBs
  • 76% of SMBs lack web application firewalls (WAF)
  • Security awareness training budget is under $1,000/year for 62% SMBs
  • 51% of SMBs do not monitor privileged accounts
  • Email filtering solutions block only 89% of threats in SMBs
  • 67% of SMBs have no mobile device management (MDM)
  • Patch management automated in 29% of SMB environments
  • 73% of SMBs fail to conduct supplier security audits
  • SIEM tools deployed in only 17% of SMBs
  • 59% of SMBs use single-sign-on (SSO) inadequately
  • Regular penetration testing done by 22% of SMBs annually
  • Data loss prevention (DLP) policies in place for 31% of SMBs

Security Practices Interpretation

These statistics paint a grim picture of small businesses essentially running through a digital minefield wearing a "Kick Me" sign while using an "Admin/1234" password.

Types of Threats

  • Ransomware accounted for 24% of SMB malware detections in 2023, with LockBit variant at 41% share
  • Phishing emails targeting SMBs increased 15% YoY, with 91% containing malicious links or attachments
  • DDoS attacks on SMBs lasted average 45 hours, peaking at 1.2 Tbps volume
  • BEC scams defrauded SMBs of $2.9 billion in 2023, average loss $120,000 per incident
  • Supply chain compromises affected 18% of SMBs, via third-party software updates
  • Malware variants hit SMBs 3.4 times more than enterprises, with trojans at 29%
  • Credential theft via infostealers impacted 52% of SMBs, harvesting 1.5B credentials yearly
  • Zero-day exploits used in 12% of SMB breaches, primarily via browsers
  • IoT botnets like Mirai variants launched 67% of SMB DDoS
  • Account takeover (ATO) via SMS MFA bypass hit 31% of SMBs
  • Wiper malware destroyed data in 8% of SMB ransomware cases
  • Cryptojacking consumed 22% of SMB cloud CPU resources undetected
  • Insider threats caused 34% of SMB incidents, with 78% unintentional
  • Mobile phishing (smishing) rose 61% against SMBs
  • API attacks exploited weak auth in 27% of SMB web apps
  • Fileless malware evaded 45% of SMB AV solutions
  • Deepfake voice scams tricked 14% of SMB finance teams
  • Shadow IT led to 39% of SMB SaaS breaches
  • Vishing calls compromised 23% of SMB helpdesks
  • RDP brute-force attempts hit 99% of SMBs monthly
  • DNS tunneling used in 17% of SMB data exfiltration
  • Watering hole attacks targeted 11% of SMB industry sites
  • Man-in-the-middle (MitM) via evil twin WiFi hit 28% remote SMB workers
  • Logic bombs activated in 6% of SMB insider incidents

Types of Threats Interpretation

Small businesses are being served an overwhelming cybersecurity buffet where the specials include a ransomware platter, a side of drained bank accounts, and an incredible variety of ways to fail, proving it's time for a very serious course correction.

Sources & References

Logos provided by Logo.dev