Nearly Half of SMBs Feel Vulnerable to Imminent Cyberattacks

A recent AppRiver survey shows growing concern among SMBs regarding cyberthreats

How would you feel if you were told you would be vulnerable to an imminent car crash? Or imminent food poisoning? Or even just an imminent chance of slipping on a banana peel?

Cybersecurity Live - Boston

Most people would do something immediately to protect themselves. After all, who wants to take chances in the face of unfavorable odds or live perpetually in fear?

For many small-to-medium sized businesses (SMBs) in the U.S., fear is a fact of life. In the latest AppRiver Cyberthreat Index for Business Survey, 40% of all C-level executives and IT decision makers in SMBs say they feel vulnerable to imminent cyberattacks. The survey was conducted in April 2019 among 1,035 SMBs nationwide. In some industry sectors, the numbers are even higher.

Following is a breakdown of the SMB sectors in which the greatest numbers of executives and IT leaders feel most vulnerable to “imminent” cyberthreats:

  • Technology: 55%
  • Finance and insurance: 55%
  • Business services and consulting: 45%
  • Retail: 43%

The level of fear increases in proportion with company size. Among larger SMBs with 150-250 employees, 52% believe they are vulnerable to imminent cyberattacks.

This all may sound unsettling for a business owner or senior team member, especially when nearly half of them believe the likelihood of being targeted in a cyberattack is imminent. But that’s not the worst news—more disturbing is that the other half, who are more optimistic, are also likely wrong.

In the same AppRiver survey, 69% of all SMBs reported their business has been targeted in at least one cyberattack within the past quarter. In another survey, the “2018 State of Cybersecurity in Small and Medium Sized Business Study,” 67% have experienced email-based cyberattacks. So, even though less than half think they might be targeted, 7 in 10 actually are.

As digital data storage increases among businesses, so does the financial incentive for cybercriminals. This applies to businesses of all sizes, but SMBs are particularly attractive to hackers given their limited resources for preventing, detecting and responding to cyberthreats. Attackers are certainly fine with stealing from several targets what they may otherwise gain from a single victim, as long as at the end of the day their coffers are filled.

In addition to tracking more advanced malware attacks targeted at SMBs, Troy Gill, senior security analyst at AppRiver, said he also noticed a rise in social engineering in the small-business community. “We see new customers coming to AppRiver after falling victim to a Business Email Compromise (BEC) attack when they unknowingly transferred large sums of money to attackers. One in particular recently lost nearly a million dollars,” said Gill. “With the average cost per BEC attack estimated at over $130,000, this is a blow many SMBs simply cannot afford, and many never recover from.”

About the Survey

The AppRiver Cyberthreat Index for Business Survey is one of the most comprehensive cybersecurity attitudinal surveys of the U.S. business community, generating participation in Q2 2019 from 1,035 small-to-medium sized business leaders and IT decision makers, among which 80 percent hold CEO, president, owner, head of IT, or equivalent titles. To see more findings from the survey or learn about its methodology, please visit

Geoff Bibby

Featured eBook
Managing the AppSec Toolstack

Managing the AppSec Toolstack

The best cybersecurity defense is always applied in layers—if one line of defense fails, the next should be able to thwart an attack, and so on. Now that DevOps teams are taking  more responsibility for application security by embracing DevSecOps processes, that same philosophy applies to security controls. The challenge many organizations are facing now ... Read More
Security Boulevard

Geoff Bibby

Geoff Bibby joined Zix in September 2003 and serves as Vice President of Marketing. Geoff has more than 15 years of experience in high tech marketing. Prior to Zix, he spent 6 years at Entrust Inc., an internet security vendor, where he served in various management roles, including Marketing Director for Entrust European operations. Geoff earned a bachelor of commerce degree with honors in marketing from the University of Guelph in Guelph, ON, Canada.

geoff-bibby has 1 posts and counting.See all posts by geoff-bibby