Skip to main

Woburn, MA – September 27, 2022 — A recent Kaspersky survey has found cybersecurity incidents are almost just as challenging as dramatic decreases in sales for small to medium businesses (SMB). In the U.S., 14% of respondents from SMBs said online attacks the most challenging aspect of their business, with dramatic decreases in sales closely following at 13.5%.

To gain insights into which crises pose the biggest risks to small and medium businesses, Kaspersky interviewed decision-makers from companies with 1 to 999 employees from 13 countries all over the world[1].

Data from the U.S. indicates cybersecurity incidents are the number one most difficult type of crisis, with decreased sales to follow. Legal issues, financial economic factors and technology failures are also a pain point for SMBs, rounding out their top five stressors.

IT security concerns are not unfounded, especially given that the probability of facing a cybersecurity-related problem rises as the company grows. While only 8% of organizations with 1 to 8 employees said they faced an IT security incident, this share increases to 30% among companies with more than 501 workers. 

 “Today, cybersecurity incidents can happen to businesses of all sizes and significantly affect their operations, profitability and reputation,” said Konstantin Sapronov, head of the global emergency response team at Kaspersky. ”However, as our Incident Response analytics report shows, in most cases adversaries use obvious gaps in an organization’s cybersecurity to gain access to its infrastructure to steal money or data. This fact suggests that basic protective measures, accessible even to small companies, such as a robust password policy, regular updates and employees’ security awareness, if not overlooked, may significantly contribute to the company’s cyber resistance”.

To keep the business protected even in times of crises, Kaspersky recommends the following:

  • Implement a strong password policy, requiring a standard user account’s password to have at least eight letters, one number, uppercase and lowercase letters and a special character. Make sure that these passwords are changed if there any suspicion that they have been compromised. To put this approach into practice without additional efforts, use a security solution with a comprehensive built-in password manager. This will help to eliminate the possibility of a brute-force attack, when an adversary attempts to gain access to your digital entry point by submitting many passwords or passphrases in hopes of eventually guessing correctly.
  • Don’t ignore updates from a software and device vendors. These usually not only bring new features and interface enhancements, but also resolve uncovered safety gaps.
  • Protect against ransomware. This type of attack, when an intruder encrypts corporate data and demands to pay the ransom for its decryption, has retained a dominant role in the threat landscape for many years. Besides keeping all devices updated, another important step is to set up offline backups for your data so that you can quickly access them if any of your organization’s files are encrypted. Your security solutions need to be able to identify and block unknown malware before it is executed, and should have a function that initiates automatic backup copy creation in the event of an attack.
  • Maintain a high level of security awareness among employees. Encourage your workers to learn more about current threats and ways to protect their personal and professional life and take relevant free courses. Conducting comprehensive and effective third-party training programs for employees is a good way to save the IT department time, and get good results.

The full report and more insights on small and medium businesses’ attitudes to crisis and tactics against it are available via this link.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at

Media Contact:

Cassandra Faro



[1] 1,307 interviews were conducted globally with representation across 13 countries: UK, USA, Germany, France, UAE, KSA, Turkey, Indonesia, Thailand, India, Brazil, Mexico and Colombia.

Cybersecurity incidents and dramatic falls in sales are the most challenging types of crises to hit small to medium businesses in the U.S.

Kaspersky Logo