Cybersecurity: SMBs are more at risk of cyberattacks

Published July 7, 2023
Author: Ash Khan

Cybersecurity: SMBs are more at risk of cyberattacks

Published July 7, 2023
Author: Ash Khan

The combination of increased cyber threats and decreased cybersecurity investment at many small and medium-sized businesses has increased their risks.

When it comes to cybersecurity, small and medium-sized businesses are stuck between the proverbial rock and a hard place. On one hand, as larger, enterprises have enhanced their cyber defences, fraudsters are focusing more on smaller businesses. However, due to pressure to control technological spending, many small and medium-sized businesses have had to reduce or cap their cybersecurity budgets.


Increasing cybersecurity threats to small and medium-sized businesses 

For businesses at the lesser end of the spectrum, the ultimate effect is a dramatically increased cyber risk. According to an online security website companies with revenues of $100,000 to $500,000 can now expect as many cyber-attacks as those earning $1 million to $9 million annually.

Small and medium-sized businesses are increasingly at risk, which has significant financial ramifications. In the annual Cost of a Data Breach study from 2021, the average cost of a data breach for a business with less than 500 workers was expected to be $2.98 million. However, several small business owners erroneously think they can operate unnoticed. Only 42% of organisations with 500 or fewer employees reported having cybersecurity protections in place in a 2022 poll. Moreover, 59% of those that had no cybersecurity thought they were too tiny to be attacked.

As a result of the major cost and efficiency advantages, as well as some built-in security, SMBs have boosted their usage of cloud storage and backup services for tools like email and collaboration. However, the widespread adoption of cloud software also grants cyber attackers advantages. Since, they may concentrate their attacks on more centralised infrastructure and typical flaws in widely used email services, for instance.


While cybersecurity has become increasingly complex for all organisations, SMBs are particularly under pressure from a resource perspective given the current economic climate. To assist SMBs owners safeguard their environments effectively, there are several new integrated security choices.


Small and medium-sized businesses are becoming easy targets

A Report portrays a bleak picture for SMBEs: The assaults against bigger organisations marginally decreased in 2021. However, they grew for all other enterprises as hackers focused more of their attention on medium and small-sized companies. Businesses with 250 to 999 workers had an average of 69 assaults, up from 45 in 2020. Moreover, those with 10 to 49 employees experienced an average of 56 attacks, up from 31. Also, those with less than 10 employees witnessed a rise in attacks nearly fourfold, from 11 to 40.

In December 2022, FBI Supervisory Special explained the occurrence during CNBC’s Small Business Playbook virtual event: The major corporations keep up their investments in cybersecurity and strengthen their cybersecurity posture. Cybercriminals are changing their strategies and adapting to focus on small and medium-sized firms since they are easy targets. Furthermore, small businesses made up the bulk of the victims who reported crimes to the FBI’s Internet Crime Complaint Centre (IC3). A report on email security reflects this. In comparison to 46% of large firms questioned, seven out of ten smaller businesses claimed that a ransomware attack had affected their company.


SMB Spending: Less Cybersecurity, More Cloud

Numerous smaller organisations have used cloud solutions for the first time because of the shift to remote working. Because of this, fraudsters may now target these smaller fish at a lower cost. They can target cloud providers directly or take advantage of flaws in cloud applications.


However, some SMBs have reduced their efforts in cybersecurity even as they have increased their spending on cloud solutions. According to a survey, businesses with 1,000 or more employees invested 65% more in cybersecurity. Businesses with 250 to 999 workers quadrupled their spending on cybersecurity. The average amount spent on cybersecurity by businesses with between 10 and 49 workers was slashed in half, from $411,000 to $225,000. Additionally, those companies with fewer than 10 employees almost emptied their cyber budgets, with expenditures dropping from $150,000 to $29,000.


Therefore, it is expected that respondents from smaller businesses trailed behind their counterparts in corporations in implementing proper security measures. In comparison to 63% of respondents working for enterprises, only 36% of respondents in smaller companies have email security solutions.


Complex Issues, Integrated Approaches

Any organisation, regardless of size, has a significant problem when managing cybersecurity risk. Often companies deal with various threats, including phishing, ransomware, credential harvesting, insider threats, and more, making the threat complex. The same applies to layering effective defences. Smaller businesses who lack cybersecurity resources and knowledge of their larger counterparts may find that to be a particular issue.


Email security is a smart place to start because email is the origin of 90% of hacks. SMBs that had invested in a secure email gateway now housed their email on-premises and deal with a new reality. It may be less clear how to safeguard it now that they’ve deployed a cloud email service. But the question is whether the security provided by the solution itself is adequate. Email filtering now goes beyond what our grandfathers used to do. The typical SMB may find this complex collection of tasks to be rather confusing.

Gateway-less email solutions created to connect virtually instantaneously into a company’s cloud email infrastructure are one investment that might be beneficial for SMBs. These relatively recent options can offer the same strong security stack seen in on-premises email gateways, but they are cloud-based. Initially, SMBs adopted gateway-less email protection to enhance the security features already included in their email systems without additional investments. Gateway-less email security may come with pre-configured settings, one-click remediation, and user-friendly threat dashboards as standard features.



The advent of widespread cloud solutions for email and collaboration tools has increased the emphasis of cyber criminals on SMBs. As it gives them a quick entry point. New gateway-less products can help SMBs deal with their unique security issues, such as evolving email-borne threats, a larger cloud attack surface, and resource constraints.