Top 10 cyber threats to small businesses in 2025

Small businesses face increasingly threats, targeted by criminals who understand they have weaker security measures.

5/3/20251 min read

  1. High Prevalence of Cyber Breaches: Nearly half (46%) of all cyber breaches impact businesses with fewer than 1,000 employees.

  2. Targeted Cyberattacks: A significant majority (61%) of small and medium-sized businesses (SMBs) were targeted by cyberattacks in 2021.

  3. Ransomware Vulnerability: A staggering 82% of ransomware attacks in 2021 were directed at companies with fewer than 1,000 employees.

  4. Social Engineering Attacks: Employees of small businesses experience 350% more social engineering attacks than those at larger enterprises.

  5. Insufficient Cybersecurity Measures: A concerning 51% of small businesses lack any cybersecurity measures at all.

  6. Ransomware Payments: Over half (51%) of small businesses that fall victim to ransomware end up paying the ransom.

  7. Cyber Insurance Gap: Only a small fraction (17%) of small businesses have cyber insurance, leaving many vulnerable to financial losses from cyber incidents.

  8. Data Loss: Nearly 40% of small businesses reported losing crucial data as a result of a cyberattack.

  9. Low Cybersecurity Budget: A significant portion (47%) of businesses with fewer than 50 employees have no cybersecurity budget, highlighting a critical gap in preparedness.

  10. Multi-Factor Authentication (MFA) Gap: A mere 20% of small businesses have implemented multi-factor authentication, a crucial security measure to prevent unauthorized access.

Source: StrongDM