New survey shows a widespread lack of cybersecurity preparation in SMBs

David Strom 25 Mar 2022

Many small business owners still aren't concerned about being a potential target of a cyberattack.

A marketing firm asked 1,250 small business owners (with fewer than 500 employees) about their cybersecurity practice, and the results are pretty staggering. They largely show that most aren’t doing much to prepare for potential attacks, and for those that have done some work, it often falls far short.

Nearly half of the business owners surveyed don’t have any defensive measures in place, and a third have no protection whatsoever against cyberattacks. What’s more, 60% don’t have any concerns about being a potential target, voicing that they are too small to be on anyone’s radar. As we have written about numerous times in past blogs, this is just not true. This is because everyone has some customer and other business-critical data that can be valuable on the dark web for some bad actor. It could be just customer emails or include credit card accounts or social security numbers.  

This lack of concern spans all kinds of small businesses, stretching across online-only and mainly in-person situations.  Below, you can see the breakdown in answers among the different types of businesses.



The results rise for online-only to 20% but drop to 7% for in-person companies. That shouldn’t mean in-person businesses should breathe a bit easier, because everyone uses some online resources. For example, you might have a web server, or use an online bill paying service, or even email or instant messaging. All of these could become compromised by a determined adversary, and that could spell disaster.

Here are some of the reasons why the respondents say they have been resisting putting the appropriate measures in place:


Overall, 12% of the respondents have experienced some kind of cyberattack, with many of these resulting in stolen or compromised customer data. That is particularly true given the fact that the respondents showed not much determination to repel cyberattacks. For example, less than a third have implemented regular data backups or made use of secured networks, two of the reasons why ransomware continues to be effective.

Further reading:
How do hackers get into a company's network?
A quick look at Avast's latest Global Risk Report for SMBs

--> -->