Smaller businesses know they need to strengthen their cyber defenses. Yet as a new SMB tech report reveals, many lack the resources to do so.
All it takes is a quick glimpse at the latest headlines to understand just how real the risk of a cyberattack is to a small and midsized business (SMB). One day it’s a malware or ransomware attack; the next it could be phishing or fraud perpetrated with generative AI.
The reality is, any business that simply uses email or connects to the internet is vulnerable to cyberattacks. And the larger a company’s digital footprint becomes, the greater the risk of attack. As much value as advanced software applications, artificial intelligence capabilities, and the like bring to an SMB, they also introduce new surfaces that must be protected.
This year, Kinetic Business, a leading residential and business fiber-internet provider, released a report that reveals a startling disconnect in how SMBs approach cybersecurity. Based on a survey of more than 300 business owners, directors, and managers, the 2025 Small and Medium-Sized Business Technology Report issues a strong call to action for SMBs to take aggressive measures to shore up their cyber defenses — before they’re attacked.
We sat down with Kinetic Business President Michael Flannery to get an insider’s perspective on the report findings and how they might impact a company’s supply chain, along with his recommendations on how companies can protect themselves in an increasingly threatening digital environment.
Supply Chain Xchange: Tell us about some of the top-line findings from the Kinetic report. What stood out to you most from the data you collected from SMB leaders?
Michael Flannery: When we developed this survey report, we wanted to learn more about how small and medium-sized businesses approach and apply technology — their strengths and weaknesses, needs and wants, priorities and preferences. Mostly, we wanted to give SMBs a way to gauge themselves relative to their peers when it comes to technology. And when we crunched the numbers, what really jumped out to us were the findings related to cybersecurity.
We saw a disconnect where many leaders acknowledge the growing threat of cyberattacks and desire to take measures to protect their organizations, yet they lack the resources to invest in those defenses. For example, we found that a majority (59%) of respondents said their business needs to improve cybersecurity and compliance. However, less than half (49%) said their organizations intend to invest in cybersecurity technology this year. And, tellingly, 52% indicated they lack confidence in their organization’s ability to manage a cybersecurity threat due to fewer resources to implement better security technology. This shows that SMBs are stretched thin when it comes to time, expertise and the resources necessary to mount a proper defense against cyber criminals. That invites trouble.
SCX: What’s your sense of how Kinetic’s findings correlate to findings from other, similar surveys that you’ve seen?
MF: There’s a clear consensus that SMBs are in the crosshairs of cyber criminals, and that because an attack can be devastating to an organization, they need to ensure they’re protected. In many cases, though, they lack adequate resources to make the necessary security investments. Some data points from other recent reports that speak to the threat:
- Almost half — 46% — of the more than 5,000 small and medium-sized business owners that Mastercard surveyed experienced a cyberattack on their business, and nearly one in five that suffered an attack then filed for bankruptcy or closed their business.
- In the past year, according to a report from Nationwide, roughly one-quarter of small business owners were targeted by a scam that used generative AI (fraud involving email, voice or even video impersonations).
- Small business owners “overwhelmingly underestimated the scope of damage a cyberbreach can bring,” according to Nationwide. More than 80% said they believe an attack on their business would cost less than $5,000, yet the average cyber claim for a small business ranges from $18,000 to $21,000. What’s more, recovery time can be as long as 75 days.
Numbers like these are real eye-openers.
SCX: Because ours is a supply chain-focused audience, what conclusions do you draw from the Kinetic findings that are relevant to supply chains?
MF: Our report findings don’t directly address supply chain issues, but organizations need to be mindful of the very real threat of third-party attacks—also known as supply-chain or value-chain attacks—where a business is victimized by an attack initiated on a supplier, partner, etc. For example, according to figures cited by Dark Reading, breaches and outages that originated with third parties accounted for 31% of cyber-related insurance claims. Damages from ransomware attacks targeting a third party resulted in an average cyber insurance claim of $241,000 per incident, up 72% from 2023. So as strong as your own organization’s cybersecurity defenses may be, you still could be vulnerable to an attack initiated on one of your vendors. The reality for many businesses is that their cyber defenses are only as strong as those of the other organizations within their business ecosystems.
That makes cooperation and collaboration a must with suppliers, partners and others within your business ecosystem. Not only do you have to take care of your own house when it comes to cybersecurity, you have to communicate and work with the other folks inside that ecosystem to ensure the measures they have in place are strong enough to protect your organization from third-party threats.
SCX: We know how real the cybersecurity threat is for small and midsized businesses. We also know that SMBs face budget constraints that can limit how much they invest in cybersecurity. How can they create a cybersecurity strategy that balances those realities?
MF: As data from the Kinetic Business report and other sources suggest, cyber criminals have shifted their sights downstream to smaller businesses, which often lack the advanced defenses required to thwart attacks and may be more inclined to pay up following a ransomware attack, for example.
It takes sophisticated, persistent strategies to counter sophisticated, persistent attackers. My first piece of advice is simple and obvious: Do something. Don’t stand by and hope it doesn’t happen to you. Even small measures are better than none at all.
One measure is to connect with folks in your business ecosystem — suppliers, service providers, partners, etc. — and ensure they have strong enough measures in place to protect against potential third-party attacks. Likewise, they should be seeking similar assurances from your organization.
Generally speaking, the more an organization can do to fortify its defenses with multiple security layers, the better equipped it will be to combat cyberattacks. Many of these layers fit within an SMB’s budget — and in fact some come embedded within a service a company might already have, like business internet.
At minimum, an SMB should look to put in place measures like an integrated firewall. That’s a feature you can find built into some business internet services. Multifactor authentication provides another important layer of protection. ZTNA (zero-trust network access) and an endpoint security solution are also proven to be effective. For many companies on the smaller end of the SMB spectrum, measures like these provide adequate protection.
Ultimately, you should implement cybersecurity solutions that scale with your business as it grows, readily integrate with your existing tech infrastructure, and protect all the surfaces that need defending, without requiring extensive resources or expertise. But there’s more to it—you also need to support your security investments with hands-on training and education, so people across your organization understand your cybersecurity policies and procedures, and not only do they know how to apply the tools at hand, but they also actually use them.
SCX: The Kinetic SMB report addresses a variety of tech-related issues beyond cybersecurity. Talk about some of the other findings that stand out to you.
MF: While SMB leaders identified cybersecurity as one of their most pressing challenges, they listed current economic conditions (42%), budget constraints/cost reductions (41%), recruiting and retaining skilled employees (30%), growth and expansion (36%), and modernizing outdated technology (27%) as top business concerns.
In fact, technology-related issues are top of mind for many of these businesses. Whether it’s reliable high-speed internet, cloud-based apps, or artificial intelligence capabilities, they’re very much interested in exploring the latest generation of tech capabilities. But there’s a catch: Many lack the budget and resources to do so. In our report, two-thirds (66%) of leaders identified finding the budget to invest in new technologies as a top challenge.
On the network connectivity front, system speed and efficiency are top priorities for SMBs, with more than half (56%) identifying high-speed business internet/connectivity solutions as a priority. Virtual collaboration tools are another priority, as just over one-third (34%) of respondents said they plan to invest in video conferencing/collaboration solutions. Cost and implementation time are the factors that weigh heaviest in their tech investment decisions.
The decision-makers we surveyed identified three areas where they expect their tech investments to deliver the most value: improving customer experience (58%), increasing revenue (58%), and increasing efficiency (47%).
It’s also worth noting that 40% of survey respondents said they lack technical expertise and training when it comes to evaluating, implementing and maintaining tech capabilities. The message here is clear: When it comes to technology investments, many SMBs want more than just a third-party tech vendor; they want a true partner who will support and advise them throughout their technology journey.
As technology continues to advance, it is more important than ever for SMB business leaders to proactively protect their organizations from cyberthreats and safeguard against all vulnerabilities. There are budget-friendly, comprehensive security solutions out there and technology providers that are ready to help.
The Kinetic Business 2025 Small and Medium-Sized Business Technology Report is available for free download. To learn more about Kinetic Business internet and security solutions, visit KineticBusiness.com.
