19 SMB security statistics

| By:
Brian Downey

This week is National Small Business Week! Every year since 1963, the critical contributions of America’s entrepreneurs and small business owners have been recognized. This undoubtedly hits home for MSPs whose clients consist of many small-to-medium-sized business (SMB) owners. It is your core mission to do everything you can to protect these businesses and ensure all their IT needs are covered.

That's why we've compiled 19 SMB security statistics from our new research report, Underserved and Unprepared: The State of SMB cybersecurity in 2019. Below, find the data that validates the major risks and opportunities for SMBs—and MSPs—at hand.

Protecting against cyberattacks has become the highest priority for SMBs
  1. 89% of SMBs see cybersecurity as the top or top five priority in their organization.
  2. 75% of SMBs agree that there should be more emphasis placed on security in their organization.
  3. 79% of SMBs are planning to invest more in cybersecurity in the next 12 months.
  4. 52% of SMBs say that protecting against cyberattacks is one of their organization’s biggest priorities in the next two years.
The majority of SMBs are ill-prepared to deal with cyberattacks on their own
  1. 62% of SMBs lack the skills in-house to deal with security issues.
  2. 80% of SMBs are worried that they will be the target of a cyberattack in the next six months.
  3. 52% of SMBs feel helpless to defend themselves from new forms of cyberattacks.
  4. 56% of SMBs do not currently have specific cybersecurity experts in their organization.
  5. SMBs that have suffered a cyberattack report a total business cost of $53,987, on average.
  6. 64% of SMBs have reported that their organization has suffered a cyberattack.
Cybersecurity has become a determining factor in whether an SMB is likely to use an MSP
  1. SMBs that plan to change MSPs are more likely to have seen inadequate cybersecurity protections from their MSP (32%) compared to those who plan to stay with their current provider (25%).
  2. 84% of SMBs who do not use an MSP would consider using one if they offered the “right” cybersecurity solution.
  3. 13% of SMBs who do not use an MSP feel confident in all cases that their organization would be able to defend itself during an attack.
  4. 93% of SMBs would consider moving to a new MSP if they offered the “right” cybersecurity solution, even if they weren’t planning to change.
  5. Of SMBs that use an MSP, 69% claim they would hold their MSP accountable at some level in the event of an attack.
  6. 74% of SMBs who use or plan to use an MSP would take legal action against them in the event of an attack.
  7. Almost eight in ten SMBs anticipate that at least half of their cybersecurity will be outsourced in five years’ time.
  8. 57% of SMBs currently outsources all or the majority of their cybersecurity.
  9. Nearly one in four SMBs has already changed their provider in the aftermath of a cyberattack.
Stats don't lie

From this data, the message to MSPs is loud and clear: if you’re not providing SMBs with comprehensive security services, you’ll run into competition from MSPs that can—and you’ll likely lose. SMBs won’t stop searching until they find the right solution that addresses their cybersecurity concerns.

Cybersecurity is now a must-have for your SMB clients. If you haven’t taken steps to improve your capabilities around cybersecurity or update your portfolio accordingly, now is the time to do so.