SMBs are Underestimating Damage Caused by a Cyberattack

AppRiver has published the results of its Q3 Cyberthreat Index for Business Survey, which have revealed that SMBs are underestimating the consequences of a successful cyberattack. The survey was conducted in the United States on 1,083 cybersecurity decision-makers at SMBs with under 250 employees.

One of the main findings is the extent to which SMBs are underestimating the cost of a cyberattack, which on SMBs has been estimated to be $149,000 on average in the United States. 67% of SMBs with 1-49 employees estimated the cost of such an attack would be less than $25,000 and 55% said they expected the cost to be less than $10,000.

SMBs do not appear to be underestimating the risk of an attack occurring, as 72% said they had experienced a phishing attack in the past 3 months, but the survey has shown that SMBs are slow to address vulnerabilities. For instance, patches are only applied immediately by 38% of SMBs.

Even though the risk of a cyberattack occurring has increased, SMBs appear to be doing little to improve their defenses. Almost a third of respondents at smaller SMBs said they “have not done much” to improve their cybersecurity readiness since 2018. Even though little has been done to improve their defenses, 37% of those respondents said they thought their defenses were better than this time last year.

Based on responses to questions across a broad range of cybersecurity areas, an index score was calculated. This was the first quarter where the index score passed the 60-point mark, although only just at 60.5. The increase suggests SMBs are more aware about the threats they face and that there is a higher level of alertness.

The high number of data breaches reported in the media has helped raise awareness of the seriousness of the threat, so it is understandable that SMBs are more concerned. That said, it remains a challenge to translate that concern into positive actions that reduce susceptibility to cyberattacks.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of