Small and medium-sized businesses (SMBs) are under threat from hackers—but some may not understand the extent of the danger and the importance of spending to solve it.
SMBs are often targeted by threat actors. In Coalition’s Cyber Threat Index 2025, the cyber insurance firm found that 60% of SMBs cite cybersecurity concerns as a top threat. Despite that, only 23% reported that they felt “very prepared” to manage the threat. It’s a disconnect that could have ramifications, Coalition’s principal security researcher, Scott Walsh, told IT Brew.
“You care about your data, and most of the attacks today are limiting access to your own data,” Walsh said. “The attacker doesn’t care really about what your data is beyond the potential to embarrass you, but you care what your data is, because that’s what’s required to actually run your business. So, it’s basic economics in what your data is worth to you.”
Data download. That’s what Mastercard found in a recent survey of 5,000 small and medium-sized enterprises (SMEs) in the US, UK, UAE, India, and Brazil. Almost half of respondents—46%—reported that they had experienced a cyberattack; 18% of those filed for bankruptcy, and an overlapping 17% closed.
Those results may be due in part to a misalignment of priorities with respect to cybersecurity in the SMB space, Mastercard EVP and global head of small and medium enterprises Jane Prokop told IT Brew. And that’s even with 79% of surveyed respondents agreeing that effective cybersecurity is critical to business operations.
“There are many, many other priorities that they face in managing the business,” Prokop said. “So I think, from that very broad lens, it’s difficult to say where protection from cyber falls.”
Mindful thinking. Walsh agreed, telling IT Brew that the importance of reframing security as a business interest is essential at changing that perception. It’s about shifting the mindset on responsibility and caution. What has to happen first is for SMBs to realize that cybersecurity is an investment, not a sunk cost.
“Security is not one of these things that is thought of as business enablement; it’s thought of as a cost center that prevents people from doing their work,” Walsh said, adding, “a single line of defense is just not adequate any longer.”
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.