A report from CrowdStrike assesses the current state of cybersecurity among small and medium-sized businesses (SMBs), providing insights into how these organizations are operating in today’s shifting threat landscape.

Notably, the report reveals a gap between cyber awareness and preparedness for these organizations. Among SMB leaders, 94% believe they are “somewhat” or “very” knowledgeable about cybersecurity threats; however, less than half offer regular employee training. Furthermore, only 11% are currently deploying AI-driven defenses.

Threats to SMBs

83% of SMBs have a cyber plan in place; nevertheless, organizations with plans in place were just as likely to experience a breach as those without. The report found that many of these plans were incomplete, outdated or inadequately implemented.

Such vulnerabilities can be exploited by ransomware, phishing campaigns or identity-based attacks, particularly among the smallest organizations. Among companies with less than 25 employees, 29% reported experiencing ransomware attacks. Furthermore, 75% say a significant cyberattack could entirely shut down operations.

Ms. Kris Bondi, CEO and Co-Founder of Mimoto, elaborates on cyberattacks SMBs may be subjected to, stating, “The rise of AI is growing the sophistication, speed, and ultimately, the success of attacks. The biggest risk AI brings to businesses, both small and large, is the ability for cybercrime to scale quickly. Just like any other business, AI enables the ability to automate and perform more functions quicker. For cyberattackers, this means the ability to launch more attacks with the same resources. For example, brute force attacks are faster as is the ability to experiment with different AI generated attacks simultaneously. Other AI risks include the relatively new phenomenon of sophisticated attack tools now being available to unsophisticated bad actors and, of course, the use of deepfakes, which continue to improve.”

Adopting New AI Tools 

While 11% using AI-powered protection, 36% are considering investing in new tools.

Darren Guccione, CEO and Co-Founder at Keeper Security, comments, “Although Crowdstrike’s 2025 State of SMB Cybersecurity Report shows that small-to-medium businesses lag behind in adoption of new technologies, these businesses have a variety of scalable, approachable security solutions with AI assistance available. While AI-based tools open worlds of possibilities, organizations of all sizes must proceed with caution. CrowdStrike reported that 50% of SMBs feel overwhelmed by the amount of cybersecurity solutions present on the market, often feeling lost and unable to start. These organizations should begin with a thorough cybersecurity risk assessment, which can inform their search for relevant support.”

When it comes to searching for a cybersecurity solution, cost typically drives SMB leaders’ decision-making. 67% prioritize affordability, while 57% prioritize security against advanced threats. Additionally, only 6.5% think their cybersecurity budget is sufficient.

“AI security tools offer advanced security features that often surpass human capabilities, which can enhance threat detection, automate responses and improve incident management,” says Guccione. “These capabilities can prove invaluable to SMBs with a small cybersecurity team, especially since CrowdStrike’s report indicates that nearly 47% of organizations under 50 employees reported not having a cybersecurity plan for their company. However, SMBs must always cautiously and carefully implement AI to avoid risks like data poisoning or biased models. Without human oversight, AI can make critical mistakes, causing these tools to hurt more than they help.”