SMBs vs. Cyberhackers: Who’s on top?

Here is a question most CSOs wouldn’t want to answer: “Are cyberhackers’ technology and strategies more sophisticated than ours?”  


Often, the honest answer is “we don’t know,” or “we try not to think about it.” Particularly for small-to-medium sized businesses (SMBs), resources may be too stretched to afford real, informed examination. And no one wants to live in fear, so it becomes a question many try to avoid.

Recently, AppRiver, with the consultative support of the University of West Florida Center for Cybersecurity, posed this question to over one thousand SMB C-suites and IT decision makers. The simple answer is: Yes, 6 in 10 SMBs across the U.S. do feel overmatched.

61% of all SMBs surveyed admit cyberhackers’ technology and strategies are likely more sophisticated than their own cyberthreat protection resources. Interestingly, among some industry verticals, including ones that are highly regulated for data protection, there is stronger pessimism that cyber criminals’ more sophisticated tech would put the SMBs’ data security at risk. 

In the healthcare and pharmaceutical sector, 70% of all SMB leaders and IT decision makers believe cyberhackers possess more sophisticated technology than they do. Proportions of SMB leaders who believe the same include:

  • Financial services and insurance: 69%
  • Manufacturing: 67%
  • Telecom: 64%
  • Construction: 63%
  • Technology: 62%
  • Business services and consulting: 61%
  • Transportation and Logistics: 61%
  • Hospitality: 58%
  • Retail: 58%
  • Nonprofit: 57%

Consistent with the findings above, a majority of SMB leaders surveyed say they need to invest more in their organization’s cybersecurity. Of all SMBs surveyed nationally in over 14 key business sectors, not one produced a majority that believes their business invests enough in their cybersecurity. The most confident SMB sector in the Q1 survey was financial services and insurance, with 48% of leaders confident they are likely to be investing enough. In manufacturing, 24% believe they are likely to be investing enough (not exactly a strong vote of confidence). In transportation and logistics, an SMB sector that includes contractors intimately involved in our nation’s water, safety and transportation supply chains, fewer than 1 in 3 (29%) believe they are likely to be investing enough in protecting their systems and data from cyber breaches compared to the realistic level of cyberthreats they believe are targeted at their business.

According to Troy Gill, senior security analyst at AppRiver, these results are worth noting as they reflect several facts he observes in real life. First, no business is impervious to cyberattacks. The shocking prevalence of high-profile breaches in the past few years has taught everyone that lesson all too well. If Equifax, a top credit agency, could fall victim to a breach of nearly 150 million records, then nearly no organization is safe. Secondly, Gill believes that what the survey found in SMB leaders’ pessimism and perceived inferiority to cyberhackers likely stems from their own first-hand experience with cyberattacks. Lastly, the industry vertical breakdown points to a familiar pattern Gill has seen, where organizations more accustomed to dealing with critical and/or sensitive data tend to be the ones with the most sobering outlook. “I believe this is due in large part to having spent more time and resources trying to ensure the security of their data, and the lessons learned from the tough challenges they face daily to truly feel safe,” said Gill.



The AppRiver Cyberthreat Index for Business Survey is one of the most comprehensive cybersecurity attitudinal surveys of the U.S. business community, generating participation in Q1 2019 from 1,059 small-to-medium sized business leaders and IT decision makers, among which 48 percent hold CEO, president, owner, head of IT, or equivalent titles. To see more findings from the survey or learn about its methodology, please visit