Oct 17 2025
Security

How SMBs Can Stay Ahead of Evolving Ransomware Threats

Cybersecurity challenges move faster than many small and midsized businesses can respond, but a partner can help turn down the heat.

It’s been roughly 10 years since ransomware gangs moved away from targeting individuals and instead began extorting businesses. Over that period, many cybercriminals began to specialize, some focusing on “big game hunting” — going after enterprise businesses for vast sums of money — while others began hitting smaller targets that were less well defended, making up for the smaller ransoms in volume.

The latter approach appears to be a popular one, as small businesses are more than twice as likely (88% versus 39%) to face a ransomware attack compared with enterprises, according to Verizon’s 2025 Data Breach Investigations Report.

Small and midsized businesses (SMBs) — which we define as those with 250 or fewer employees — often have trouble addressing all their security needs. But they can benefit by seeking help from a partner who can handle some of the security responsibilities for which they may lack the staff or experience.


Small and Midsized Businesses Face Security Challenges

In The State of Ransomware 2025 survey from Sophos, we tracked some of the effects on SMBs. A few interesting data points emerged demonstrating the challenges they face.

First, we examined the root causes of their ransomware attacks and found that 29% of organizations reported that their attackers gained access by exploiting an unpatched vulnerability, while 30% reported that criminals used a stolen credential. These findings indicate that nearly 6 in 10 SMBs are struggling with security basics: failing to patch in a timely manner or lacking effective multifactor authentication.

These findings aren’t particularly surprising, as organizations have had these issues for years. But a deeper analysis sheds light on why we aren’t getting these basic functions right to begin with. This year’s research explored the organizational factors that left companies exposed to attacks; 45% of SMBs cited a “known security gap we had not addressed” as the operational root cause.

It’s easy to think these organizations just don’t understand the importance of patching or having secure authentication protocols, but our research indicates that this is likely untrue for most. Our results suggest that for many organizations, the problem lies in not having enough time to take care of every priority. In fact, 42% of SMBs cited “lack of people/capacity” as the root cause of their ransomware attack, while another 42% cited “lack of expertise.”


Finding the Right Solutions to Common Security Challenges

These are solvable problems. This isn’t a situation where SMBs are facing all-powerful hackers or nation-states that are impossible to keep out of their networks. Many of these businesses don’t have access to cybersecurity professionals, while others are unable to understand and prioritize their risks effectively.

Most individual tasks aren’t especially complicated. But much SMB security work is done by IT teams that are responsible for a variety of tasks, such as provisioning new laptops and deploying network infrastructure, as well as responding to phishing reports and applying patches to servers, endpoints and network equipment.

Many of these businesses are short-staffed, and those that want to hire a security professional to beef up their IT team might not be able to afford it or find the right person for the job. But in today’s security environment, leaving a firewall or VPN gateway unpatched for more than a day or two, or not investigating a security incident after a few hours, could be the difference between safety and a ransomware incident.

Getting Help From an Expert Security Partner

IT teams are not only responsible for security; they are also an important business enabler. By moving services to the cloud and deploying more advanced technologies, IT teams can drive efficiency and business growth (which, unsurprisingly, is often a higher priority for leadership).

But security is becoming a higher priority. Managed detection and response services, managed security services and virtual CISO services have been growing exceptionally fast, especially among smaller organizations. If an SMB can’t afford a full-time 24/7 security team, why not share one with other businesses and reap the benefits without the costs?

The Sophos 2025 Active Adversary Report showed significantly better outcomes for organizations that employ an MDR service compared with those that handle threat investigations in-house; 64% of organizations that engage an incident response services partner experienced ransomware, versus only 29% that used our MDR services.

IT teams that work with an MDR partner still must handle their security responsibilities, but the engagement frees them to focus on the security aspects most important to their business. They don’t have to spend their limited time trying to do complicated risk assessments or staying ahead of the latest vulnerabilities hour by hour.

There is good news for SMBs as well. In 45% of ransomware attacks, businesses were able to successfully stop the attack before data was encrypted, a significant increase from only 27% in 2024. The criminals aren’t hacker geniuses; they are simply persistent in seeking those who have fallen below the security poverty line. With increased monitoring and advice from trusted partners, we can protect SMB networks without breaking the bank.
