Top 10 cyber threats to small businesses in 2025

1. High Prevalence of Cyber Breaches: Nearly half (46%) of all cyber breaches impact businesses with fewer than 1,000 employees.

2. Targeted Cyberattacks: A significant majority (61%) of small and medium-sized businesses (SMBs) were targeted by cyberattacks in 2021.

3. Ransomware Vulnerability: A staggering 82% of ransomware attacks in 2021 were directed at companies with fewer than 1,000 employees.

4. Social Engineering Attacks: Employees of small businesses experience 350% more social engineering attacks than those at larger enterprises.

5. Insufficient Cybersecurity Measures: A concerning 51% of small businesses lack any cybersecurity measures at all.

6. Ransomware Payments: Over half (51%) of small businesses that fall victim to ransomware end up paying the ransom.

7. Cyber Insurance Gap: Only a small fraction (17%) of small businesses have cyber insurance, leaving many vulnerable to financial losses from cyber incidents.

8. Data Loss: Nearly 40% of small businesses reported losing crucial data as a result of a cyberattack.

9. Low Cybersecurity Budget: A significant portion (47%) of businesses with fewer than 50 employees have no cybersecurity budget, highlighting a critical gap in preparedness.

10. Multi-Factor Authentication (MFA) Gap: A mere 20% of small businesses have implemented multi-factor authentication, a crucial security measure to prevent unauthorized access.

Source: StrongDM