Apr 13 2026
Security

Ransomware Is Moving Faster Than SMBs Can Respond

The best response: security services, which can fortify overwhelmed IT teams
Chester Wisniewski
by

Chester Wisniewski is Director, Global Field CISO at next-generation security leader Sophos, with more than 25 years of security experience. He developed an interest in security and privacy while learning to hack from bulletin board text files in the 1980s, and it has since become a lifelong pursuit. 

We are approaching 10 years since ransomware gangs pivoted from targeting individual computers to focusing on extorting businesses for big paydays. Over that period, many have begun to target smaller, less well-defended targets.

Small businesses are more than twice as likely than enterprises (88% versus 39%) to face a ransomware attack, according to Verizon’s 2025 Data Breach Investigation Report. In The State of Ransomware 2025 survey from Sophos, we tracked some of the impacts affecting small and midsized businesses.

Click the banner to sign up for our newsletter and receive more business IT insights.

bt-priorities-smlbiz-animated-2024-desktop_0 (2) (2) (1).gif bt-priorities-smlbiz-animated-2024-mobile_0 (2) (2) (1).gif

 

What the Data Shows About SMB Breaches

The most important impact we examined was the root cause of attacks on small businesses, and we found a clear pattern: 29% reported the attackers gained access by exploiting an unpatched vulnerability, while 30% reported the criminals used a stolen credential. That means 6 in 10 small businesses are failing at the very basics of security hygiene, which includes routine patching and effective multifactor authentication.

The reason is a lack of resources: 42% of small businesses said they had too few people to address a known vulnerability, and the same number said they lacked the expertise to fix it. No wonder then that a “known security gap we had not addressed” was cited as the operational root cause of a breach for 45% of respondents.

In short, small businesses suffer from a lack of access to cybersecurity professionals and an inability to understand and prioritize risks. These are solvable problems.

BE PREPARED: Learn how the right partner can help your organization achieve its security goals.

Small Business IT Teams Are Overwhelmed

Small business IT teams are responsible for everything from provisioning new laptops to deploying network infrastructure, managing applications and, yes, responding to phishing reports and applying patches to servers, endpoints and network equipment.

It’s tempting to put security on the back burner. But in today’s environment, leaving a firewall or VPN gateway unpatched for more than a day or two, or not investigating a security incident for even a few hours, can be the difference between safety and a ransomware incident. With security top of mind, organizations are looking to divide and conquer these tasks.

Click the banner below to read the recent CDW Cybersecurity Research Report.

x_security_q325_animated_click_desktop_01_1_0.gif x_security_q325_animated_click_mobile_01_1 (1).gif


By moving services to the cloud and deploying more advanced technologies, small businesses can drive efficiency and growth even as they improve security. Among the options, Managed detection and response services, managed security services and virtual CISO services have been growing exceptionally fast in popularity, especially among smaller organizations.

The reason is simple: Businesses that lack the budget for a 24/7 security team can access services that allow them to share one with other small businesses. Why not reap the benefits with lower costs?

NEXT UP: What are the most security trends to follow right now?

Security Services Reduce Business Risk

We know that such services are effective. The Sophos 2025 Active Adversary Report showed significantly better outcomes for organizations employing an MDR service versus handling threat investigations in-house; for example, incident response customers experienced ransomware 64% of the time, whereas MDR incident response events included ransomware in only 29% of cases.

This approach doesn’t absolve small businesses of all security responsibilities, but it does free them to focus on the security aspects specific to their business, rather than spending their limited time trying to do complicated risk assessments and staying current on the latest vulnerabilities hour by hour.

The criminals aren’t hacker geniuses. They are simply persistent in seeking those who have fallen below the security poverty line. With increased monitoring and advice from trusted partners, we can protect SMB networks without breaking the bank.

cofotoisme/Getty Images

More On

Related Articles

Close

New Research from CDW on Workplace Friction

Learn how IT leaders are working to build a frictionless enterprise.

Click Here to Read the Report