News
Report: Cyber Threats Driving SMB Worries (and Spending)
- By Sean Parker
- May 19, 2026
Over half of small to medium businesses (SMBs) name cybersecurity and data protection as top concerns, and the push to adopt AI is only muddying the waters.
In global survey of 2,210 SMBs conducted by research firm IDC and commissioned by Sage, a provider of financial software for SMBs, 52% ranked cybersecurity and data protection among their top business priorities for the next 12 months.
"Six in ten SMBs (60 percent) also expect to increase cybersecurity spending over the same period," according to the findings.
The research also found that 33 percent of SMBs prioritize scaling AI adoption in the following year. However, hackers are now increasingly using AI to bolster their cyber arsenals, placing SMBs in vulnerable positions.
"Small and medium-sized businesses are under growing pressure from cyber threats, and AI is making that challenge more urgent," UK Cyber Security Minister Baroness Lloyd said.
The research uncovered that one in two SMBs experienced an incident or data breach in the last 12 months.
Over 80 percent of SMBs are not prepared or remain in the early stages of preparedness for AI-related threats. At the same time, nearly a quarter have yet to implement dedicated protections for AI applications.
"The research suggests many SMBs still believe they are not a prime target for cyberattacks, despite threats becoming more sophisticated and widespread," said Joel Stradling, senior research director for European Security at IDC.
The findings illustrate a trio of points restraining SMBs:
- Smaller businesses remain the most vulnerable to cyber threats, with far fewer taking a proactive approach to security compared to medium-sized organizations.
- Many SMBs have basic security tools in place, but weak training and poor incident preparedness reduce their effectiveness during real attacks.
- As companies rely more on SaaS and third-party platforms, security oversight is failing to keep pace, creating growing blind spots in digital operations.
"Businesses that close the gap between growth ambitions and security readiness will be best placed to build long-term digital trust with customers, partners and investors."