The Growing Disparity in SMB Cybersecurity Preparedness
Recent insights from the 2025 State of SMB Cybersecurity Report by CrowdStrike shed light on the widening gap between small and medium-sized organizations’ (SMBs) cybersecurity readiness and knowledge. Despite the fact that 83% of SMBs claim to have a cybersecurity plan in place and 93% believe they are well-informed about cybersecurity threats, only 36% are actually investing in new cybersecurity tools, with a mere 11% utilizing AI-powered safeguards.
Although awareness about cybersecurity threats is on the rise, the majority of SMBs still lack the necessary funding, resources, and internal expertise to effectively combat modern-day threats. Insights gathered from SMB decision-makers across various sectors and organization sizes reveal that SMBs are in search of protection that is user-friendly, cost-effective, and capable of growing alongside their business amidst increasingly sophisticated and frequent attacks.
Key Findings from CrowdStrike’s 2025 State of SMB Cybersecurity Report:
- The Smallest Companies are Falling Behind: More than half of SMBs with fewer than 50 employees allocate less than 1% of their annual budget to cybersecurity, and only 47% have a security plan in place.
- Cost Influences Decision-Making: While cost considerations play a significant role in decision-making, only 57% of SMBs prioritize protection against advanced threats, and a mere 6.5% feel that their current cybersecurity budget is sufficient.
- Lack of Support and Overwhelm: Nearly 70% of SMBs rely on external guidance for purchasing decisions, and 50% feel overwhelmed by the plethora of cybersecurity products available.
- Ransomware Continues to Pose a Significant Risk: Smaller teams are particularly vulnerable, with 29% of SMBs with less than 25 employees reporting ransomware incidents compared to 19% of larger SMBs.
- Potential for Growth with AI-Driven Security: With only 11% of SMBs currently leveraging AI-powered security solutions, there is a clear opportunity for growth-oriented organizations to enhance their cybersecurity posture with scalable, automated security measures that reduce operational costs and complexity.
Vice President of SMB at CrowdStrike, Lisa Campbell, emphasizes the importance of translating awareness into action. She notes, “SMBs are increasingly aware of the cybersecurity risks they face, yet many are still vulnerable to modern threats. While they recognize the need for stronger protection, constraints such as time, budget, and expertise hinder their ability to implement robust security measures. To bridge this gap, SMBs are seeking affordable, efficient solutions that do not add unnecessary complexity.”
