A fruitful cyberattack would force nearly one in five small and medium businesses to close their doors, a worrying new report claims. As a result, cybersecurity has shot up the ranking of business concerns.
Moreover, less than $10,000 of losses caused by a cyberattack would force nearly a third of these businesses to shut down, a new study by VikingCloud, a predict-to-prevent cybersecurity and compliance company, shows.
This very real risk is now reflected in surveys of smaller business owners. Cybersecurity (48%) is now the second-highest business concern for the industry, just behind inflation and rising costs (67%).
Data was gathered from a quantitative survey of small and medium business (SMB) owners across North America. According to VikingCloud’s chief product officer, Kevin Pierce, it’s clear that cybercrooks see smaller businesses as “low-hanging fruit to get a quick payday.”
Fragile foundations
According to VikingCloud’s 2025 SMB Threat Landscape report, 74% of SMBs self-manage their cybersecurity or rely on a family member or friend.
That’s the paradox. The report found that 60% of SMBs believe they are the most likely target of a cyberattack – but most have also not taken the most basic steps to improve their defenses.
For example, many SMB owners still use either their pet’s name, a series of numbers, or a family member’s name so their passwords are easy to remember (23%), don’t require regular software updates (18%), or haven’t put multi-factor authentication in place for their workers (14%).
Of those businesses using cybersecurity solutions, a third are using outdated technology, leaving them vulnerable to the growing number and sophistication of cyberattacks.
Unfortunately, the cost-of-living crisis continues to hurt smaller business owners in the US. 32% of the survey respondents said they simply lack the budget to hire staff with the cybersecurity knowledge required.
The industry is, in other words, very fragile. For 55% of SMBs, it would take less than $50,000 in financial impact from a cyberattack to put them out of business. For 32%, losing less than $10,000 would be enough.
“But SMBs don’t need massive budgets to defend themselves – but they do need to move beyond DIY security. It’s not just a case of paying less now to avoid paying more later. It’s a case of paying a little now to stay in business,” Pierce told Cybernews.
According to Pierce, cybercriminals are focusing on the attack methods that cause business downtime, making SMBs more likely to pay out a ransom or give in to other demands.
AI is both a hope and a threat
Obviously, AI helps the crooks to scale their attacks across thousands of targets simultaneously. However, 65% of SMBs also believe AI could help manage cybersecurity more effectively.
Sixty-five percent of SMBs report cybersecurity as a business function that could be managed more effectively with AI, ranking ahead of sales and marketing (41%), customer service (32%), and human resources (27%).
They believe AI will be most useful in identifying threats before they impact business operations (55%), flagging phishing emails and texts (49%), and offering real-time threat response recommendations (49%).
VikingCloud says business owners are hopeful about AI because they wear many hats – they have to juggle sales, operations, marketing, human resources, and much more. Most simply don’t have the time to manage cyber threats as well.
“Besides, AI isn’t just another tech tool to help SMBs manage their online defense better – it’s key to faster growth,” said Pierce.
“Over half of SMB owners (52%) see cybersecurity as a revenue booster. When they trust their tech solutions have their back, they have the confidence to focus on building their business.”
Your email address will not be published. Required fields are markedmarked