Guardz 2025 SMB Cybersecurity Report: Nearly 50% of U.S. Small Businesses Have Been Hit by Cyber Attack

80% of SMBs with a formal incident response plan in place were able to avoid major damage during an attack – highlighting the need for support from MSPs

MIAMI, December 17, 2025 /PRNewswire/ -- According to a report published today by Guardz, the cybersecurity platform empowering Managed Service Providers (MSPs) to protect small and medium-sized businesses (SMBs), almost 50% of all US based SMBs (43%) have already experienced a cyber attack. While 80% of respondents believe the need for cybersecurity in their industries has increased over the past year and 61% anticipate greater overall cyber risks in the year to come, 52% of SMBs still rely on an untrained internal staff member or the business owners themselves to manage critical security functions without support from professionals such as Managed Service Providers (MSPs).

"In 2025, SMBs are confronting the reality that cyber threats are no longer distant possibilities, but daily risks with the potential to disrupt or even destroy a business," said Dor Eisner, CEO and Co-Founder of Guardz."This research confirms that businesses increasingly recognize the value of experienced service partners. Those that try to manage risk on their own lack the expertise, resources, and tools needed to stay resilient. The data shows that organizations with strong preparation, grounded in clear processes and trusted partners, are far better positioned to avoid disruption and maintain continuity."

Persistent Vulnerabilities

SMBs report ongoing challenges in defending against common threats, with phishing, ransomware, and employee mistakes topping the list. Nearly half (45%) of respondents cite employee negligence as their biggest cybersecurity concern, particularly acute in the education sector. While 43% of SMBs report they experienced a cyberattack in the past 5 years, 27% said they were targeted in the past 12 months. A majority (64%) of business owners reportedly recovered quickly, but a small but significant number (3%) faced severe, lasting damage.

Other interesting and alarming findings include:

• 58% of SMBs use network firewalls, 52% employ email/spam filters, and 41% have endpoint protection.
• 26% do not conduct regular penetration tests or security assessments.
• 42% of SMBs are worried about outdated technologies, with healthcare businesses the most concerned.

Rising Awareness, Inadequate Preparation

In a year of a fast-moving threat landscape, half of SMBs reported increasing their cybersecurity budgets, with 17% significantly increasing their spend. The average investment per employee remains minimal: 16% of SMBs allocate less than $50 per user annually, and nearly a third (31%) of SMB owners don't know exactly how much they spend on cybersecurity at all.

Only 34% of SMB owners have a formal incident response or continuity plan developed with a cybersecurity professional, and 27% lack cyber insurance altogether. In one-third (33%) of cases, the business owner personally handles alerts and incident resolution, which is both time-consuming and outside their expertise, leaving room for missteps and oversights. An additional 13% of SMBs rely on untrained employees to handle alerts, reinforcing the operational fragmentation identified in the report.

A Turning Point for MSP Engagement

As threats mount, SMBs are increasingly looking to external partners for help. According to the survey, the leading motivations for working with a managed service provider (MSP) are a fear of cyberattacks (52%) and a sense of responsibility to customers and stakeholders (40%). While other factors were reported, compliance requirements, reduced cyber insurance premiums, and a growing need for specialized expertise, stood out as the primary drivers.

The report reveals that 80% of SMBs with a formal incident response plan in place were able to avoid major damage during an attack, highlighting that preparedness, and working with professionals, determines resilience.

Visit here to read the full report about the survey results.

Notes 

The study gathered responses from 800 U.S.–based SMB owners, each representing businesses with more than ten employees, across a diverse range of industries, including retail, healthcare, finance, manufacturing, education, and technology. Respondents answered a combination of questions designed to measure cybersecurity readiness, perceived risks, incident experience, and engagement with MSPs.

About Guardz

Guardz is the unified cybersecurity platform purpose-built for MSPs. The company consolidates the essential security controls, including identities, endpoints, email, awareness, and more, into one AI-native framework designed for operational efficiency. Its identity-centric approach connects the dots across vectors, reducing the gaps that siloed tools leave behind so MSPs can respond to user risk in real time. With 24/7 AI + human-led MDR, Guardz utilizes agentic AI to triage at machine speed while expert analysts validate, mitigate, and guide response, giving MSPs scalable protection without adding headcount.

Press Contact
Mike Katznelson
Headline Media
mike.katznelson@headline.media
+1 914 233 5302

SOURCE Guardz