The digital landscape for small and medium-sized businesses (SMBs) and midmarket enterprises is a minefield fraught with evolving threats and escalating costs. Techaisle’s latest 2025 SMB and Midmarket Security Adoption Surveys paint a stark picture: while some metrics suggest a plateau in security incidents, the financial impact, and perceived vulnerability are on the rise, driven by factors like AI-powered threats and persistent staffing challenges. This blog delves into the key findings, offering a comprehensive look at the state of cybersecurity for these critical segments.
The Bottom Line: Escalating Financial Losses Amidst Perceived Vulnerability
Let's start with the hard numbers. The average loss for SMBs due to security incidents in 2024 surged to US$1.6 million, up from US$1.4 million in 2023. This increase, despite a seemingly stable incident rate (44% in 2024, consistent with 2023 but down from 56% in 2021 and 2022), highlights a crucial point: the attacks are becoming more sophisticated and costly. While the frequency might be leveling, the severity and financial ramifications are intensifying. Adding to the complexity, despite the downward trend from 2021/2022, a concerning 68% of SMBs feel under-prepared compared to their peers, a slight uptick from 65% in the previous year. This discrepancy between perceived incident rates and felt vulnerability indicates a growing awareness of the sophistication of modern threats and a lingering sense of inadequacy in defense mechanisms.
The Threat Landscape: AI, Attacks, and Denial of Service
Techaisle's research identifies the top cybersecurity risks as cyberattacks, risks related to the use of AI, and denial-of-service (DoS) attacks. The rise of AI as a security risk is particularly noteworthy. In 2025, 56% of SMBs anticipate new security risks stemming from AI, up from 48% in 2024. This burgeoning concern reflects the dual-edged sword of AI: while it offers potential security benefits, it also introduces new attack vectors and amplifies existing ones. The escalating concern about AI-powered threats is logical. Bad actors increasingly leverage generative AI to craft sophisticated phishing campaigns, automate malware development, and amplify social engineering attacks. This trend is not just theoretical; it’s a tangible threat that SMBs are grappling with.
