Nearly half of all SMBs feel vulnerable to imminent cyberattacks


Thought Leadership

Nearly half of all SMBs feel vulnerable to imminent cyberattacks

Teresa Zwierzchowski

How would you feel if you were told you would be vulnerable to an imminent car crash? Or imminent food poisoning? Or even just an imminent chance of slipping on a banana peel?

Most people would do something immediately to protect themselves. After all, who wants to take chances in the face of unfavorable odds or live perpetually in fear?

For many small-to-medium sized businesses (SMBs) in the U.S., fear is a fact of life. In the latest AppRiver Cyberthreat Index for Business Survey, 45% of all C-level executives and IT decision makers in SMBs say they feel vulnerable to imminent cyberattacks. The survey was conducted in the first quarter of 2019 among 1,059 SMBs nationwide. In some industry sectors, the numbers are even higher.


Following is a breakdown of the sectors in which the greatest numbers of executives and IT leaders are most concerned about about cyberthreats:

Transportation and logistics: 65%Technology: 62%Manufacturing: 50%Financial services and insurance: 47%Healthcare and pharmaceuticals: 47%

The level of fear increases in proportion with company size. Among larger SMBs with 150-250 employees, 56% believe they are vulnerable to imminent cyberattacks.

This all may sound unsettling for a business owner or senior team member, especially when nearly half of them believe the likelihood of being targeted in a cyberattack is imminent. But that’s not the worst news – more disturbing is that the other half, who are more optimistic, are also likely wrong.

In the same AppRiver survey, 71% of all SMBs reported their business has been targeted in at least one cyberattack within the past quarter. In another survey – the 2018 State of Cybersecurity in Small and Medium Sized Business Study – 67% have experienced email-based cyberattacks. So, even though less than half think they might be targeted, seven in 10 actually are.

As digital data storage increases among businesses, so does the financial incentive for cybercriminals. This applies to businesses of all sizes, but SMBs are particularly attractive to hackers given their limited resources for preventing, detecting, and responding to cyberthreats. Attackers are certainly fine with stealing from several targets what they may otherwise gain from a single victim, as long as at the end of the day their coffers are filled.

In addition to tracking more advanced malware attacks targeted at SMBs, Troy Gill, senior security analyst at AppRiver, said he also noticed a rise in social engineering in the small-business community. “We see new customers coming to AppRiver after falling victim to a Business Email Compromise (BEC) attack when they unknowingly transferred large sums of money to attackers. One in particular recently lost nearly a million dollars,” said Gill. “With the average cost per BEC attack estimated at over $130,000, this is a blow many SMBs simply cannot afford, and many never recover from.”


The AppRiver Cyberthreat Index for Business Survey is one of the most comprehensive cybersecurity attitudinal surveys of the U.S. business community, generating participation in Q1 2019 from 1,059 small-to-medium sized business leaders and IT decision makers, among which 48 percent hold CEO, president, owner, head of IT, or equivalent titles. To see more findings from the survey or learn about its methodology, Please visit