New Report Says 1 in 5 SMBs Would Be Forced to Shutter After Successful Cyberattack

Small and medium-sized businesses (SMBs) play a crucial role in the U.S. economy, making up 99.9% of all businesses and contributing to half of the nation's GDP. However, these vital economic growth drivers face an escalating threat—cyberattacks that could put them out of business.

VikingCloud’s 2025 SMB Threat Landscape Report states that nearly 1 in 5 SMBs would be forced to close their doors following a successful cyberattack. Even more concerning, 55% of SMBs report that a financial loss from a successful cyberattack of $50,000 or less would shut them down, with 32% at risk of closure from losses as low as $10,000.

Despite these risks, many SMBs attempt to self-manage their cybersecurity without the right expertise or resources. SMB owners already wear too many hats - from operations, payroll, customer service, and more - and don’t have time for cybersecurity. They assume they're too small to be a target or protected simply because they've purchased a point solution, like a firewall, without understanding how it works.

Even a single attack can have devastating financial and operational consequences without proper protection, pushing businesses to the brink of closure.

For SMBs, cybersecurity is no longer just an enterprise issue—it’s a matter of survival. However, many SMBs still fall short in their preparedness, putting their long-term viability at risk.

Why Small Businesses Struggle with Cybersecurity Management

While 80% of SMBs recognize they have cybersecurity vulnerabilities, many struggle to make basic improvements. Instead of hiring professional experts or outsourcing to a Managed Security Service Provider (MSSP), 74% of SMBs either self-manage their cybersecurity or rely on friends or family members who lack the necessary expertise. This expertise gap creates critical vulnerabilities.

23% of SMB owners admit they don’t fully understand their cybersecurity risks. 26% acknowledge that the person managing their security lacks proper training. By treating cybersecurity as an afterthought or entrusting it to underqualified individuals, SMBs inadvertently expose themselves to growing cyber threats.

For example, while 44% of SMBs have firewalls, many lack the expertise to maintain and configure them properly. As a result, when an attack occurs, they are unsure where to begin or who to contact, leaving them scrambling in a crisis without a clear response plan.

This lack of preparedness directly impacts business operations and revenue, especially for those reliant on point-of-sale (POS) systems. If a cyberattack leads to POS downtime, transactions stop, and cash flow is immediately disrupted—something 33% of SMBs have already experienced. Meeting essential expenses like payroll or rent becomes a serious challenge without incoming revenue, pushing businesses toward financial instability.

These vulnerabilities are concerning as cyberattacks on SMBs become more advanced and severe. Nearly half (48%) of SMBs report that they or an employee have received phishing emails or text messages, with 18% admitting their employees are at risk of falling victim to these attacks.

In the past year alone, SMBs have also faced malware (24%), denial-of-service (19%), and ransomware (14%) attacks. Alarmingly, 19% have also encountered deepfake schemes designed to manipulate employees into granting access to sensitive business accounts. Compounding the issue, SMBs are twice as likely to be unaware they’ve been breached by more sophisticated attacks, like a deepfake, compared with more common threats like network downtime.

It’s clear that cybersecurity self-management is not a viable option – it keeps SMBs in the cross-hairs of cybercriminals, putting their growth and financial stability at risk.

The Total Cost of Cyberattacks on SMBs

The impact of a cyberattack on SMBs extends far beyond immediate financial loss—it triggers a cascade of repercussions that make recovery challenging. While a business may be able to initially grapple with direct financial hits, the combination of downtime, customer loss, and legal complications can quickly spiral into a more severe crisis.

According to VikingCloud’s research, 55% of SMBs experience operational disruptions, 36% lose customers due to reputational damage, and 12% face legal trouble. This affects revenue and makes rebuilding trust and attracting new clients a daunting task.

For SMBs that already operate on tight margins, this cumulative effect often leaves little room for recovery, making it harder to bounce back from the initial blow. The combination of financial loss and these lasting repercussions underscores the critical need for proactive cybersecurity measures to help mitigate both immediate and long-term damage.

Future-Proofing SMBs Against Cyber Threats

Cybersecurity is more than just defense against attacks; it's essential for business continuity, customer trust, and sustainable growth. As SMBs invest more in technology, like artificial intelligence, those prioritizing cybersecurity will gain a competitive edge and remain resilient.

However, many SMB owners are not prepared to make critical strategic decisions that will shape their cybersecurity posture. This is often due to a lack of technical expertise and the need to focus on daily operations. They don’t have time to address long-term security needs, struggle with choosing the right tools, understand evolving threats, and implement effective solutions.

For many SMBs, partnering is a strategic move that levels the playing field against larger competitors. For example, MSSPs deliver expertise, cutting-edge technology, and dedicated resources without the need for extensive in-house training or large security budgets.

By providing services such as threat detection, incident response, and compliance management, MSSPs help SMBs stay ahead of evolving cyber threats while minimizing downtime, reducing financial losses, and tailoring security strategies to industry-specific risks. This makes them a valuable asset for businesses striving to maintain a competitive edge.

Featured

  • Mall of America Deploys AI-Powered Analytics to Enhance Parking Intelligence

    Mall of America®, the largest shopping and entertainment complex in North America, announced an expansion of its ongoing partnership with Axis Communications to deploy cutting-edge car-counting video analytics across more than a dozen locations. With this expansion, Mall of America (MOA) has boosted operational efficiency, improved safety and security, and enabled more informed decision-making around employee scheduling and streamlining transportation for large events. Read Now

  • Security Industry Association Launches New “askSIA” AI Tool

    The Security Industry Association (SIA) has unveiled a brand-new SIA member benefit – askSIA, a conversational AI agent designed to help users get the most out of their SIA membership, easily access SIA resources and find the latest information on SIA’s training and courses, reports and publications, events, certification offerings and more. SIA members can easily find askSIA by visiting the SIA homepage or looking for the askSIA icon in the top left of webpages. Read Now

    • Industry Events
  • Industry Embraces Mobile Access, Biometrics and AI

    A combination of evolving workplace dynamics, technology innovation and new user expectations is changing how people enter and interact with physical spaces. Access control is at the heart of these changes. Combined with biometrics and AI, mobile access control has become increasingly crucial for deploying entry solutions that are seamless, secure and adaptive to user needs. Read Now

  • Sustainable Video Solution Delivered for Landmark City of London Office Development

    An advanced, end-to-end video solution from IDIS, with a focus on reducing waste and costs, has helped a major office development in the City of London align its security with sustainability objectives. Read Now

  • DHS to End ‘Shoes-Off’ Travel Policy

    Homeland Security Secretary Kristi Noem announced a new policy today which will allow passengers traveling through domestic airports to keep their shoes on while passing through security screening at TSA checkpoints. Read Now

New Products

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • FEP GameChanger

    FEP GameChanger

    Paige Datacom Solutions Introduces Important and Innovative Cabling Products GameChanger Cable, a proven and patented solution that significantly exceeds the reach of traditional category cable will now have a FEP/FEP construction.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.