Top 10 cyber threats to small businesses in 2025
Small businesses face increasingly threats, targeted by criminals who understand they have weaker security measures.


High Prevalence of Cyber Breaches: Nearly half (46%) of all cyber breaches impact businesses with fewer than 1,000 employees.
Targeted Cyberattacks: A significant majority (61%) of small and medium-sized businesses (SMBs) were targeted by cyberattacks in 2021.
Ransomware Vulnerability: A staggering 82% of ransomware attacks in 2021 were directed at companies with fewer than 1,000 employees.
Social Engineering Attacks: Employees of small businesses experience 350% more social engineering attacks than those at larger enterprises.
Insufficient Cybersecurity Measures: A concerning 51% of small businesses lack any cybersecurity measures at all.
Ransomware Payments: Over half (51%) of small businesses that fall victim to ransomware end up paying the ransom.
Cyber Insurance Gap: Only a small fraction (17%) of small businesses have cyber insurance, leaving many vulnerable to financial losses from cyber incidents.
Data Loss: Nearly 40% of small businesses reported losing crucial data as a result of a cyberattack.
Low Cybersecurity Budget: A significant portion (47%) of businesses with fewer than 50 employees have no cybersecurity budget, highlighting a critical gap in preparedness.
Multi-Factor Authentication (MFA) Gap: A mere 20% of small businesses have implemented multi-factor authentication, a crucial security measure to prevent unauthorized access.
Source: StrongDM