This week is National Small Business Week! Every year since 1963, the critical contributions of America’s entrepreneurs and small business owners have been recognized. This undoubtedly hits home for MSPs whose  clients consist of many small-to-medium-sized business (SMB) owners. It is your core mission to do everything you can to protect these businesses and ensure all their IT needs are covered. 

That's why we've compiled 19 SMB security statistics from our new research report, Underserved and Unprepared: The State of SMB Cyber Security in 2019. Below, find the data that validates the major risks and opportunities for SMBs—and MSPs—at hand.

Protecting Against Cyber Attacks Has Become the Highest Priority for SMBs

  1. 89% of SMBs see cybersecurity as the top or top five priority in their organization.

  2. 75% of SMBs agree that there should be more emphasis placed on security in their organization.

  3. 79% of SMBs are planning to invest more in cybersecurity in the next 12 months.

  4. 52% of SMBs say that protecting against cyber attacks is one of their organization’s biggest priorities in the next two years.


The Majority of SMBs Are Ill-Prepared to Deal with Cyber Attacks on Their Own

  1. 62% of SMBs lack the skills in-house to deal with security issues.

  2. 80% of SMBs are worried that they will be the target of a cyber attack in the next six months.

  3. 52% of SMBs feel helpless to defend themselves from new forms of cyber attacks.

  4. 56% of SMBs do not currently have specific cybersecurity experts in their organization.

  5. SMBs that have suffered a cyber attack report a total business cost of $53,987, on average.

  6. 64% of SMBs have reported that their organization has suffered a cyber attack.

Cybersecurity Has Become a Determining Factor in Whether an SMB is Likely to Use an MSP

  1. SMBs that plan to change MSPs are more likely to have seen inadequate cybersecurity protections from their MSP (32%) compared to those who plan to stay with their current provider (25%).

  2. 84% of SMBs who do not use an MSP would consider using one if they offered the “right” cyber security solution.

  3. 13% of SMBs who do not use an MSP feel confident in all cases that their organization would be able to defend itself during an attack.

  4. 93% of SMBs would consider moving to a new MSP if they offered the “right” cyber security solution, even if they weren’t planning to change.

  5. Of SMBs that use an MSP, 69% claim they would hold their MSP accountable at some level in the event of an attack.

  6. 74% of SMBs who use or plan to use an MSP would take legal action against them in the event of an attack.

  7. Almost eight in ten SMBs anticipate that at least half of their cyber security will be outsourced in five years’ time.

  8. 57% of SMBs currently outsources all or the majority of their cyber security.

  9. Nearly one in four SMBs has already changed their provider in the aftermath of a cyberattack.

Stats Don't Lie

From this data, the message to MSPs is loud and clear: if you’re not providing SMBs with comprehensive security services, you’ll run into competition from MSPs that can—and you’ll likely lose. SMBs won’t stop searching until they find the right solution that addresses their cybersecurity concerns.

Cybersecurity is now a must-have for your SMB clients. If you haven’t taken steps to improve your capabilities around cybersecurity or update your portfolio accordingly, now is the time to do so.

To dive deeper into the data, you can download the full State of SMB Cybersecurity in 2019 report here.