SMSMBs.com
Statistic · updated 2026-03

SMB cybersecurity in 2026

43% of cyberattacks target small businesses. Median cost of a breach: $120,000. Most SMBs aren't prepared.

Headline
43%
of cyberattacks target small businesses
Median breach cost
$120k
SMBs that close within 6 months of major breach
60%
SMBs with formal security plan
14%
Phishing / BEC share of breaches
74%

The attack surface

Small businesses are increasingly the primary target — large enterprises have invested heavily in security, leaving SMBs as the soft underbelly. Verizon DBIR shows 43% of breaches involved a small business victim. Phishing and Business Email Compromise (BEC) account for nearly three-quarters of attacks.

The economic damage

Median cost of a breach for SMBs is $120k, but the long-tail is brutal: 60% of small businesses hit by a major breach close within 6 months. Cyber insurance helps — and is now functionally required for federal contractors.

Where defense spending is going

  • Endpoint protection (Sentinel One, CrowdStrike, Defender for Business)
  • Email security (Proofpoint, Mimecast, Microsoft 365 add-ons)
  • Multi-factor authentication (Duo, Microsoft Authenticator)
  • Backup + recovery (Datto, Carbonite, Rewind)
  • Cyber insurance ($1k-15k/year for typical SMB)
Sources
Related statistics

Keep digging

Small business failure rate
20.4% fail within the first year
NFIB Small Business Optimism Index
92.4 NFIB Optimism Index · May 2026
Women-owned businesses in America
14.0M women-owned employer + non-employer businesses