In the past 12 months 45% of SMBs experienced a cybersecurity incident, with 14% experiencing more than one incident, according to ESET’s SMB Cyber Readiness Index 2026.
The Index is based on a global survey of 4,400 SMB decision makers representing organisations with 25-1,000 endpoints across 13 countries in North America, Europe and Asia.
The data also reported that 61% of SMBs reported being seriously concerned about cyberattacks, while 75% consider cyberwarfare and global conflicts to be real cyberthreats capable of impacting their business operations.
Among cyberthreats, SMBs report the greatest concern with AI powered malware, even though such threats remain relatively rare at present.
Overall, the survey highlighted several positive trends. Insurance and compliance requirements are driving stronger cybersecurity practices, and many SMBs have accepted that organisational size does not provide protection from cyberthreats. As a result, businesses appear increasingly prepared to confront attacks.
In addition, 68% of SMBs are confident in their ability to prevent attacks, and 75% trust their cyber resilience when responding to incidents. Meanwhile, 65% are satisfied with their cybersecurity budgets, with an additional 15% reporting they are “more than satisfied”.
Only 11% operate with essential (minimal) cybersecurity protection and 87% view employee education as very important or critical to cyber resilience, with 67% conducting training more than once per year.
Despite these improvements, notable concerns remain. Many SMBs underestimate the seriousness of supply chain attacks and the risks associated with AI enabled tools, including so-called shadow AI.
