The 2025 State of SMB Cybersecurity Report from CrowdStrike reveals a rising disparity between small and medium-sized organizations’ (SMBs’) cybersecurity preparation and information. Even whereas 83% of SMBs say they’ve a plan in place and 93% consider they’re knowledgeable about cybersecurity threats, simply 36% are investing in new instruments, and solely 11% have used AI-powered safeguards.
Regardless of rising consciousness, nearly all of SMBs nonetheless lack the funding, sources, and inner information essential to thwart modern threats, in keeping with analysis based mostly on observations from SMB decision-makers throughout sectors and group sizes. SMBs need safety that’s easy to make use of, cheap to implement, and designed to develop with their firm in mild of extra subtle and frequent assaults.
Highlights of CrowdStrike’s 2025 State of SMB Cybersecurity Report:
- The smallest corporations are lagging probably the most: greater than half of SMBs with fewer than 50 staff commit lower than 1% of their yearly finances to cybersecurity, and solely 47% of them say they’ve a safety plan in place.
- Price concerns affect selections, however not essentially in the perfect methods: Solely 57% of SMBs say they prioritize safety towards subtle threats, and solely 6.5% suppose their present cybersecurity finances is definitely sufficient, regardless of 67% of them prioritizing value when selecting a cybersecurity resolution.
- SMBs are under-supported in technique and overwhelmed by alternative: Nearly 70% of SMBs depend on exterior recommendation to information their buying selections, and 50% of SMBs really feel overloaded by the number of cybersecurity merchandise out there.
- Ransomware continues to be a serious danger, significantly to smaller groups: Ransomware was reported by 29% of SMBs with lower than 25 staff that had a cyber occasion within the earlier 12 months, in comparison with 19% of larger SMBs.
- Adoption of AI-driven safety affords an opportunity for growth: There’s a clear potential for growth-minded organizations to enhance their security with scalable, automated safety that lowers working prices and complexity, since simply 11% of SMBs now use AI-powered safety, and the bulk are nonetheless within the early levels of the method.
Based on Lisa Campbell, Vice President of SMB at CrowdStrike, “SMBs are extra aware of the cyber dangers they face, however they’re nonetheless prone to modern threats. Many are conscious that they require extra sturdy safety, however their lack of time, cash, and expertise prevents them from doing so. To place consciousness into motion, they need options which can be each economical and environment friendly with out growing complexity.”
