New Report Says 1 in 5 SMBs Would Be Forced to Shutter After Successful Cyberattack

Small and medium-sized businesses (SMBs) play a crucial role in the U.S. economy, making up 99.9% of all businesses and contributing to half of the nation's GDP. However, these vital economic growth drivers face an escalating threat—cyberattacks that could put them out of business.

VikingCloud’s 2025 SMB Threat Landscape Report states that nearly 1 in 5 SMBs would be forced to close their doors following a successful cyberattack. Even more concerning, 55% of SMBs report that a financial loss from a successful cyberattack of $50,000 or less would shut them down, with 32% at risk of closure from losses as low as $10,000.

Despite these risks, many SMBs attempt to self-manage their cybersecurity without the right expertise or resources. SMB owners already wear too many hats - from operations, payroll, customer service, and more - and don’t have time for cybersecurity. They assume they're too small to be a target or protected simply because they've purchased a point solution, like a firewall, without understanding how it works.

Even a single attack can have devastating financial and operational consequences without proper protection, pushing businesses to the brink of closure.

For SMBs, cybersecurity is no longer just an enterprise issue—it’s a matter of survival. However, many SMBs still fall short in their preparedness, putting their long-term viability at risk.

Why Small Businesses Struggle with Cybersecurity Management

While 80% of SMBs recognize they have cybersecurity vulnerabilities, many struggle to make basic improvements. Instead of hiring professional experts or outsourcing to a Managed Security Service Provider (MSSP), 74% of SMBs either self-manage their cybersecurity or rely on friends or family members who lack the necessary expertise. This expertise gap creates critical vulnerabilities.

23% of SMB owners admit they don’t fully understand their cybersecurity risks. 26% acknowledge that the person managing their security lacks proper training. By treating cybersecurity as an afterthought or entrusting it to underqualified individuals, SMBs inadvertently expose themselves to growing cyber threats.

For example, while 44% of SMBs have firewalls, many lack the expertise to maintain and configure them properly. As a result, when an attack occurs, they are unsure where to begin or who to contact, leaving them scrambling in a crisis without a clear response plan.

This lack of preparedness directly impacts business operations and revenue, especially for those reliant on point-of-sale (POS) systems. If a cyberattack leads to POS downtime, transactions stop, and cash flow is immediately disrupted—something 33% of SMBs have already experienced. Meeting essential expenses like payroll or rent becomes a serious challenge without incoming revenue, pushing businesses toward financial instability.

These vulnerabilities are concerning as cyberattacks on SMBs become more advanced and severe. Nearly half (48%) of SMBs report that they or an employee have received phishing emails or text messages, with 18% admitting their employees are at risk of falling victim to these attacks.

In the past year alone, SMBs have also faced malware (24%), denial-of-service (19%), and ransomware (14%) attacks. Alarmingly, 19% have also encountered deepfake schemes designed to manipulate employees into granting access to sensitive business accounts. Compounding the issue, SMBs are twice as likely to be unaware they’ve been breached by more sophisticated attacks, like a deepfake, compared with more common threats like network downtime.

It’s clear that cybersecurity self-management is not a viable option – it keeps SMBs in the cross-hairs of cybercriminals, putting their growth and financial stability at risk.

The Total Cost of Cyberattacks on SMBs

The impact of a cyberattack on SMBs extends far beyond immediate financial loss—it triggers a cascade of repercussions that make recovery challenging. While a business may be able to initially grapple with direct financial hits, the combination of downtime, customer loss, and legal complications can quickly spiral into a more severe crisis.

According to VikingCloud’s research, 55% of SMBs experience operational disruptions, 36% lose customers due to reputational damage, and 12% face legal trouble. This affects revenue and makes rebuilding trust and attracting new clients a daunting task.

For SMBs that already operate on tight margins, this cumulative effect often leaves little room for recovery, making it harder to bounce back from the initial blow. The combination of financial loss and these lasting repercussions underscores the critical need for proactive cybersecurity measures to help mitigate both immediate and long-term damage.

Future-Proofing SMBs Against Cyber Threats

Cybersecurity is more than just defense against attacks; it's essential for business continuity, customer trust, and sustainable growth. As SMBs invest more in technology, like artificial intelligence, those prioritizing cybersecurity will gain a competitive edge and remain resilient.

However, many SMB owners are not prepared to make critical strategic decisions that will shape their cybersecurity posture. This is often due to a lack of technical expertise and the need to focus on daily operations. They don’t have time to address long-term security needs, struggle with choosing the right tools, understand evolving threats, and implement effective solutions.

For many SMBs, partnering is a strategic move that levels the playing field against larger competitors. For example, MSSPs deliver expertise, cutting-edge technology, and dedicated resources without the need for extensive in-house training or large security budgets.

By providing services such as threat detection, incident response, and compliance management, MSSPs help SMBs stay ahead of evolving cyber threats while minimizing downtime, reducing financial losses, and tailoring security strategies to industry-specific risks. This makes them a valuable asset for businesses striving to maintain a competitive edge.

Featured

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.