Key Takeaways
- Average SMB data breach cost reached $4.45 million in 2023, up 15% from 2022
- Ransomware payments by SMBs averaged $1.54 million per incident, with 46% paying demands
- Phishing-related losses for SMBs totaled $52 million quarterly in US
- In 2023, 61% of small and medium-sized businesses (SMBs) experienced at least one cyber attack, with phishing being the most common vector accounting for 36% of incidents
- SMBs with fewer than 100 employees faced a 28% increase in ransomware attacks compared to 2022, totaling over 1.2 million attempts blocked across surveyed firms
- 43% of all cyber breaches targeted SMBs, despite them representing only 30% of the market economy
- 44% of SMBs recovered fully from ransomware within 24 hours due to backups
- Average SMB breach detection time: 277 days, with containment in 84 days
- 54% of SMBs restored operations within a week post-incident using offsite backups
- 81% of SMBs lack formal cybersecurity training programs, leading to higher vulnerability
- Only 26% of SMBs use multi-factor authentication (MFA) across all accounts
- 57% of SMBs have not updated antivirus software in over 6 months
- Ransomware accounted for 24% of SMB malware detections in 2023, with LockBit variant at 41% share
- Phishing emails targeting SMBs increased 15% YoY, with 91% containing malicious links or attachments
- DDoS attacks on SMBs lasted average 45 hours, peaking at 1.2 Tbps volume
In 2023, SMBs faced costly attacks with phishing dominant, averaging $4.45 million per breach.
Related reading
01 · Category
Financial Losses22 stats
Financial Losses Interpretation
02 · Category
Prevalence of Attacks30 stats
Prevalence of Attacks Interpretation
03 · Category
Recovery and Resilience30 stats
Recovery and Resilience Interpretation
More related reading
04 · Category
Security Practices24 stats
Security Practices Interpretation
05 · Category
Types of Threats24 stats
Types of Threats Interpretation
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Timothy Grant. (2026, February 13). Smb Cybersecurity Statistics. Gitnux. https://gitnux.org/smb-cybersecurity-statistics
Timothy Grant. "Smb Cybersecurity Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/smb-cybersecurity-statistics.
Timothy Grant. 2026. "Smb Cybersecurity Statistics." Gitnux. https://gitnux.org/smb-cybersecurity-statistics.
Sources & references
85 datasets cited across this report · attribution is report-level

