Growing Cyber Risk Meets Uneven SMB Response
Small and medium-sized businesses (SMBs) increasingly understand the cyber risks they face, but many still fall short on defense. This is the central theme of CrowdStrike’s newly released 2025 State of SMB Cybersecurity Report. Despite 93% of SMBs reporting awareness of cybersecurity risks, only 36% invest in modern cybersecurity tools. A mere 11% use AI-powered solutions. These gaps leave many organizations vulnerable to increasingly sophisticated cyber threats.
“SMBs are increasingly aware of the cyber risks they face, but remain vulnerable,” said Lisa Campbell, vice president of SMB at CrowdStrike. “Many know they need stronger protection but are held back by limited time, resources, and expertise. They need solutions that are affordable and effective.”
Cyber Threats No Longer Skip Small Businesses
Cybercriminals are no longer ignoring smaller targets. The report highlights that SMBs are now prime marks for attacks that use automation and AI.
Organizations with fewer than 50 employees are at the highest risk. Only 47% have a security plan, and over half dedicate less than 1% of their budget to cybersecurity.
Cost Drives Decisions, Not Always Smart Ones
Most SMBs (67%) choose cybersecurity tools based on affordability. However, only 57% prioritize protection against advanced threats. Even more concerning, just 6.5% believe their budgets are adequate.
This shows a mismatch between budget priorities and real-world risks.
Overwhelmed by Options, Starved for Strategy
The crowded cybersecurity market adds confusion. Half of SMBs say they’re overwhelmed by the number of solutions available. Nearly 70% rely on third-party guidance to make decisions. This highlights the importance of vendor transparency and expert input.
Ransomware Threatens the Smallest Players
Among companies with fewer than 25 employees, ransomware poses a major threat. The report notes this makes, “this segment of micro-businesses the most affected by successful ransomware” attack. “The smallest businesses are especially vulnerable,” to cyberattacks because they “lack the plans, backups, cyber insurance, or vendor partnerships needed for recovery.”
Of those that suffered an incident in the past year, 29% reported it involved ransomware. Size matter; only 19% of larger SMBs reported the same. This underscores how a lack of investment can leave the smallest firms highly exposed.
AI Security: An Untapped Opportunity
While awareness is high, adoption of AI-powered tools remains low. Only 11% of SMBs currently use AI-driven security. The report views this as an opportunity; AI tools offer scalable, cost-effective protection that requires less manual oversight. For resource-strapped SMBs, they may be the key to stronger defenses.
Clear Guidance, Not More Tools, Is the Need
SMBs want more than technology. They want help. The report shows many feel stuck, unsure what to implement or prioritize.
CrowdStrike calls on vendors and enterprise partners to lead with education. Simplified platforms, hands-on support, and clear best practices can help bridge the gap between awareness and action.
Partnering for a Safer Digital Ecosystem
The cybersecurity gap is not just an SMB issue. It affects their partners, vendors, and enterprise customers. Every insecure third-party is a potential entry point for attackers.
CrowdStrike encourages enterprises to support SMBs with guidance and shared intelligence. This mutual effort can strengthen the full digital supply chain.
Conclusion: Awareness Isn’t Enough
The report makes one thing clear. Knowing the risk is not the same as being ready. For SMBs to survive today’s threat landscape, they must close the gap between awareness and action. CrowdStrike’s call is urgent. Affordable, effective, and guided solutions must be the new standard.
Other News: Few SMEs Have Cyber Insurance Despite Growing Cyber Threats, ABI Report Warns(Opens in a new browser tab)
