ChannelLife US - Industry insider news for technology resellers
United States

Guides

#
cloud services
#
cybersecurity
#
distributors
#
microsoft
#
partner programmes

Search

Worried small business owner at desk cyber attack warning office
#
Firewalls
#
DR
#
Ransomware

US small firms face rising cyber attacks amid weak defences

Fri, 9th Jan 2026
Author image
By Joseph Gabriel Lagonsin, News Editor

Nearly half of small and medium-sized businesses in the United States have already suffered a cyber attack, according to new research from cybersecurity firm Guardz, which also found that many still manage security in-house without specialist expertise.

The study surveyed 800 owners of US-based businesses with more than ten employees across sectors including retail, healthcare, finance, manufacturing, education and technology. It found that 43% of respondents reported at least one cyber attack in the past five years, with 27% targeted in the last 12 months.

Guardz said concern about digital risks is widespread among smaller firms. Four in five respondents said cybersecurity needs in their industry had increased over the past year. A further 61% expected overall cyber risk to rise in the year ahead.

Despite this, 52% of SMBs still rely on an untrained internal staff member or the business owner to manage critical security functions. They do not use external professionals such as managed service providers.

"In 2025, SMBs are confronting the reality that cyber threats are no longer distant possibilities, but daily risks with the potential to disrupt or even destroy a business," said Dor Eisner, CEO and Co-Founder of Guardz. "This research confirms that businesses increasingly recognize the value of experienced service partners. Those that try to manage risk on their own lack the expertise, resources, and tools needed to stay resilient. The data shows that organizations with strong preparation, grounded in clear processes and trusted partners, are far better positioned to avoid disruption and maintain continuity."

Common weaknesses

Respondents reported persistent vulnerabilities around widely known threats. Phishing, ransomware and employee mistakes ranked as the most pressing problems.

Nearly half of SMB owners, 45%, cited employee negligence as their biggest cybersecurity concern. This concern was particularly high in the education sector.

Among those hit by an attack, 64% said they recovered quickly. A smaller group, 3%, reported severe, lasting damage to their business.

Basic security tools are in place in many organisations, but coverage is uneven. Some 58% of SMBs said they use network firewalls. A smaller share, 52%, use email and spam filters, while 41% reported having endpoint protection in place.

Testing of defences remains inconsistent. More than a quarter of respondents, 26%, said they do not conduct regular penetration tests or security assessments.

Legacy infrastructure is another issue. In the survey, 42% of SMBs said they were worried about outdated technologies. Healthcare businesses reported the highest level of concern in this area.

Spending gaps

Guardz reported signs of rising awareness in budgets, against a backdrop of fast-evolving threats. Half of SMBs said they had increased cybersecurity spending over the past year, with 17% reporting a significant increase.

Average spending per employee remains relatively low. The survey found that 16% of respondents allocate less than USD $50 per user each year.

Many business owners could not quantify their outlay on security at all. Nearly a third, 31%, said they did not know how much they spent on cybersecurity.

Formal planning also appears limited. Only 34% of SMB owners said they have a formal incident response or business continuity plan that they developed with a cybersecurity professional.

Insurance cover mirrors that pattern. Some 27% of SMBs reported that they do not have cyber insurance.

Guardz said that in one-third of cases, 33%, the business owner personally handles alerts and incident resolution. The company said this work is time-consuming and sits outside the core expertise of most owners.

An additional 13% of SMBs rely on untrained employees to handle alerts. Guardz said this reinforces operational fragmentation around cybersecurity responsibilities.

Role of MSPs

The report identified a growing role for managed service providers as specialist partners for smaller companies. Rising threat levels and concern about customer trust are pushing more SMBs towards external support.

According to the survey, 52% of SMBs that work with an MSP said fear of cyber attacks was their main reason for engaging an outside provider. A further 40% cited a sense of responsibility to customers and stakeholders.

Respondents also pointed to compliance requirements, cyber insurance conditions and a growing need for specialist knowledge as important drivers for MSP engagement.

Preparedness appears to play a decisive role in outcomes when incidents occur. Guardz found that 80% of SMBs with a formal incident response plan in place avoided major damage during an attack.

"The data shows that organizations that invest in clear processes and trusted partners not only recover more quickly from incidents, but often avoid severe disruption altogether," said Eisner.

Related stories
Pinewood.AI unveils Pi as it enters North America
Cohesity boosts identity resilience for hybrid AD, Entra
Snowflake, TVS Next tie up on NexOps for manufacturers
New Relic unveils monitoring for ChatGPT i-frame apps
Twilio, AEG sign fan engagement & data partnership

Top stories

AlphaTheta unveils DJM-V5 mixer with wireless monitoring
Rocket Software unveils ContentEdge for safer GenAI
Syrenis launches US hub to tap privacy tech demand
Gigamon honours global partners in channel-first push
BIXOLON, Printec power thermal receipt kiosks push