Tech leaders at small- to medium-size businesses (SMBs) are eager to increase their investment in cybersecurity as more than three-quarters (78%) of respondents said they feared a successful attack could put them out of business.

The global survey of 700 IT and business decision-makers conducted by Vanson Bourne and commissioned by ConnectWise revealed that nearly all (96%) SMBs had already been the victim of a cyberattack.

In the wake of these breaches, SMB tech leaders are concerned they lack the in-house resources and talent to defend against the next attack.

The most surprising survey finding was the sheer number of SMBs that have faced a cyberattack in the past, said Raffael Marty, ConnectWise’s executive vice president and general manager for cybersecurity. “Almost every single one has been a victim, and ransomware attacks are still on the rise,” he said.

These lucrative attacks, backed by professional cybercriminals, are executed in various ways. “Most commonly exploit well-known vulnerabilities that could have been prevented,” Marty said. Small business owners should keep their software updated and work to prevent shadow IT and shadow SaaS usage.

GenAI Offers SMBs Rewards and Risks

AI can analyze vast amounts of data to identify patterns and anomalies that may indicate a security threat, allowing quicker detection and response.

Perhaps GenAI platforms can help by providing insights into where and how to deploy security measures, Marty said. “Interact with one of the AIs, explain your setup and ask it for guidance, from threat detection and compliance mandates to cyber insurance tips.”

Ani Chaudhuri, CEO of Dasera, agreed that AI and GenAI advancements offer SMBs powerful tools to improve their cybersecurity defenses, but the new technologies also have risks.

On the positive side, AI can predict potential security incidents by analyzing historical data, enabling proactive measures to prevent attacks and make informed security decisions. “However, AI models can be biased or produce false positives, leading to unnecessary alarms and potential security oversights,” Chaudhuri cautioned. “Over-reliance on AI without understanding its limitations can create vulnerabilities.”

Chaudhuri advised SMBs to ensure they clearly understand how AI tools work and maintain a balance with human oversight. SMBs often lack the extensive internal expertise required for sophisticated cybersecurity measures. “However, they can still enhance their security posture through several practical strategies,” he said.

Using automated security solutions, such as vulnerability scanners and endpoint detection and response (EDR) tools, can help SMBs efficiently identify and mitigate threats. Implementing basic security practices, such as regular software updates, strong password policies, and multi-factor authentication (MFA), also significantly reduce vulnerabilities.

With 83% of SMBs planning to increase their cybersecurity budgets, Marty explained, they should prioritize those investments to achieve the best improvements in their security infrastructure. It all starts with assets and vulnerabilities. “Make sure you have a good vulnerability management program to start with; and expand from there to endpoint protection. These two pieces lay a great foundation.” Next, he advised adding security awareness and SaaS security. “But start with those basics.”

Developing and maintaining a comprehensive incident response plan can help SMBs quickly and effectively respond to security breaches, minimizing damage and recovery time, Chaudhuri said. “Regular security awareness training for employees can reduce the risk of human error, which is often a primary factor in security incidents.”

Investing in endpoint protection solutions can safeguard devices from malware, ransomware, and other threats. To protect sensitive data from unauthorized access and breaches, ensure that it is encrypted in transit and at rest.

“While SMBs face significant cybersecurity challenges, adopting practical strategies, leveraging advanced technologies, and prioritizing key investment areas can significantly enhance their security posture,” added Chaudhuri. “By staying informed and proactive, SMBs can protect their assets and maintain operational integrity.”