SMBs Fear Phishing More Than Any Other Threat

November 10, 2022

What are SMBs most worried about in terms of security? The Kaseya Security Insights Report 2022 offers a look at the security concerns and challenges that SMBs are facing right now as well as what they expect they’ll have to deal with in 2023. We surveyed 675 IT security professionals and SMB leaders from around the world about their IT needs and perspectives. The Kaseya Security Insights Report gives you our analysis of the data that we collected about their top concerns, their biggest security pitfalls and what they’re doing to keep their organizations secure in a dangerous world. 

Excerpted in part from the Kaseya Security Insights Report 2022. DOWNLOAD YOUR COPY>>

Who did we survey? 

The Kaseya Security Insights Report 2022 is an analysis of a subset of data collected in a larger Kaseya Insights Survey in April and May 2022. The security subset data was gathered from 675 internal business IT professionals and business leaders around the world as part of that larger survey. The majority of survey respondents (77.19%) were representatives of U.S. companies (see Figure 1). About one-quarter of the companies surveyed had revenue in the $1 million to $10 million range (24%, see Figure 2) and employed 101–500 people (see Figure 3).  

Where is your corporate headquarters?  

Region Responses   
North America 85% 
APAC  1% 
EMEA 7% 
Other 7% 

Source: Kaseya

See the state of email security in 2022 and the threats that should be on your radar in 2023. GET EBOOK>>

Phishing is Most SMBs Top Concern 

Key takeaway: 52% of survey respondents identified phishing as their primary security concern 

The business cyber threat landscape is constantly evolving, but a few threats dominate the current picture. Phishing and email fraud are far and away the most common threats and the most fearsome for SMBss. In today’s era of Phishing-as-a-Service (PhaaS), phishing is becoming even easier, cheaper and faster for the bad guys, which is bad news for everyone else. An estimated 80% of reported security incidents are phishing-related these days. Over half of our survey respondents pointed to phishing and email fraud as the primary security threat facing their organization. That tracks with the current threat landscape where the nastiest cyberattacks like business email compromise (BEC) tend to be phishing based. Ransomware held the second spot, with nearly one-quarter of businesses saying they worry about it the most. 

What is the primary security threat to your organization?  

Security Threat % of Respondents 
Phishing/email fraud    55%   
Ransomware    23%   
Password compromise 15% 
Account takeover (ATO) 6%   
Other 2% 

Source: Kaseya

Get the guide that helps you detect & defeat dangerous BEC attacks to keep your company out of trouble! DOWNLOAD IT>>

Almost Half of SMBs Have Been the Victim of a Cyberattack 

Key takeaway: 49% of organizations have experienced a successful cyberattack or security breach with about one-fifth saying that security breach happened in the last 12 months.  

Businesses have been dealing with a steadily increasing stream of cyberattacks, and that pressure has resulted in some unpleasant security outcomes. While about half of the survey respondents have yet to endure a cyberattack, the other half of respondents weren’t so fortunate. Almost one-quarter of the businesses surveyed (19%) said that they’d endured a cyberattack or security breach within the past 12 months. The percentage rises to a little over one-third (34%) when expanded to a three-year span. With so many of the organizations that we surveyed having experienced at least one cyberattack hit or data disaster, it’s easy to see that it’s no longer a question of “how” or “if” but “when” a company will fall victim to a cyberattack. As threats evolve and security challenges mount, strengthening a company’s cyber defenses including email security must be a top priority. 

Has your organization experienced a successful cyberattack or security breach? 

Timeframe  Responses  
Never  26% 
Within the past 6 months  16% 
Within the past year  22% 
Within the past 3 years  24% 
Over 3 years ago  12% 

Source: Kaseya

phishing in silver on a pink background on top of a skull and crossbones

Is your email security solution really getting the job done? This checklist helps you find out! GET CHECKLIST>>

SMBs Expect to Suffer a Cascade of Losses from Ransomware

Key takeaway: 63% of companies said they believe they would incur downtime and data loss if they fell victim to a ransomware attack 

Any business that falls victim to a successful cyberattack faces a long and expensive road to recovery. That road can be even more expensive if ransomware is involved. Most survey respondents are cognizant of that, with two-thirds of them stating that while their companies would likely recover from a ransomware attack, they would lose data and incur downtime. Almost one-third felt that their organizations would recover quickly with little downtime. It’s heartening to see that only about 3% of the companies surveyed would consider paying the ransom, a move that experts have been decrying for years that can also be illegal. 

If you had to recover from a ransomware event, how confident are you that you could recover quickly with minimal data loss and downtime?  

Confidence in Recovery Response 
We’d likely recover but we would incur downtime and data loss    63%   
100% confidence in quick recovery with minimal downtime    29% 
We’d be in big trouble 4% 
We’d consider paying the ransom 3%   

Source: Kaseya

But even with security professionals on the job working day and night to keep organizations out of trouble, the steadily increasing pace of cyberattacks has been a major contributor to the fact that half of the businesses that we surveyed have experienced a cyberattack, data breach or another cybersecurity disaster.  Businesses need to make security improvements that will help reduce their risk of joining that number – like choosing better email security that can handle today’s sophisticated phishing threats.  

Learn the ins and outs of today’s wide variety of phishing attacks & how to stop them in Phishing 101. DOWNLOAD IT>>

Graphus Prevents Nearly All Phishing-Based Cyberattacks 

Graphus’ AI-powered email security is a powerful defense against today’s most spine-chilling email-based threats. Compared to built-in email protection or an SEG, automated, API-based email security solutions like Graphus prevent 40% more spear phishing messages from reaching an employee’s inbox. Here’s how:      

  • TrustGraph is a powerful shield between employee inboxes and malicious messages. This proprietary technology uses more than 50 distinct data points to discover sophisticated phishing messages, even zero-day attacks.       
  • EmployeeShield displays a bright, prominent box on suspicious messages, reminding them to be cautious. Employees can designate a message as genuine or malicious with a single click.       
  • Phish911 makes it simple for employees to report any message that they don’t think is safe. When an employee reports a potentially malicious email, the message is immediately removed from everyone’s inboxes.        
  • Simple deployment and effortless integration via API with Microsoft 365 and Google Workspace.   
  • Half the price of the competition.   

Learn more about Graphus

Stay safe from even the most sophisticated cyberattacks and social engineering scams

Put the powerful TrustGraph® AI of Graphus to work for your business, and in minutes you’ll get a powerful, easy-to-use, and customizable EmployeeShield® against phishing attacks.
Get a Demo of Graphus