Small and medium-sized businesses (SMBs) across Australia and worldwide are facing a dangerous cybersecurity dilemma. A new technology report reveals that while most leaders recognise the growing threat of cyberattacks, many lack the resources to defend themselves properly - leaving businesses vulnerable to increasingly sophisticated digital criminals.
The Rising Risk for Small Businesses
From ransomware and phishing scams to AI-driven fraud, cyber threats are no longer limited to large corporations. Experts warn that any business using email, storing sensitive customer data, or operating online is a potential target. And as SMBs expand their digital footprint with new apps, cloud services, and AI, their attack surface grows.
This year, Kinetic Business, a leading business fibre-internet provider, released its 2025 Small and Medium-Sized Business Technology Report. The findings are a wake-up call: SMBs know they need to step up cybersecurity, but many simply don’t have the money, skills, or time to do so.
What the Kinetic Report Reveals
We sat down with Michael Flannery, President of Kinetic Business, to unpack the report’s findings and what they mean for small businesses.
Top-line findings
Michael Flannery: “What really jumped out was cybersecurity. We saw a disconnect: many leaders acknowledge the growing threat of cyberattacks and want to protect their organisations, yet they lack the resources to invest in those defences.
- 59% of SMBs said they need to improve cybersecurity and compliance.
- But only 49% plan to invest in cybersecurity technology this year.
- 52% lack confidence in their ability to manage a cyber threat due to limited resources.
This shows SMBs are stretched thin - in time, expertise, and funding. That invites trouble.”
How this compares to other surveys
MF: “There’s consensus that SMBs are in the crosshairs. Mastercard found 46% of SMBs experienced a cyberattack, and nearly one in five later filed for bankruptcy or shut down. Nationwide reported that one in four SMBs faced scams using generative AI, and most severely underestimated the costs - believing attacks would cost under $5,000, when in reality claims average $18,000 to $21,000, with recovery times up to 75 days.”
Supply chain vulnerabilities
MF: “Our report didn’t directly focus on supply chains, but third-party risks are huge. According to Dark Reading, 31% of cyber-related insurance claims stem from supplier-related breaches. Ransomware incidents linked to third parties averaged $241,000 per claim, up 72% from 2023. Even if your own defences are strong, a weak vendor link can expose you. Collaboration with suppliers and partners is non-negotiable.”
Balancing budget constraints with cybersecurity needs
MF: “Cybercriminals are targeting smaller firms because they’re seen as easier prey. My advice: do something. Even small, layered measures make a difference. At minimum, SMBs should consider:
- Integrated firewalls (often built into business internet services)
- Multi-factor authentication (MFA)
- Zero Trust Network Access (ZTNA)
- Endpoint security solutions
These are affordable, scalable, and effective. But beyond tools, SMBs need training and awareness so employees understand and follow cybersecurity practices.”
Beyond Cybersecurity: Other SMB Tech Priorities
The Kinetic report also revealed SMBs’ broader challenges:
- 42% worry about current economic conditions
- 41% face budget pressures and cost reduction demands
- 36% prioritise growth and expansion
- 30% struggle to recruit and retain skilled staff
- 27% want to modernise outdated technology
Technology adoption is high on the agenda, but budget remains the biggest barrier. 66% of leaders cited funding new tech as their top challenge. Over half (56%) want faster internet and more efficient systems, while one-third (34%) plan to invest in collaboration tools such as video conferencing.
The Bottom Line
Cyberattacks are no longer “big business” problems - they’re everyone’s problem. The Kinetic Business report makes it clear: SMBs must act now to strengthen cybersecurity, even with limited resources. Layered defences, strong vendor collaboration, and staff training can go a long way to protecting against devastating losses.
SMBs that take proactive steps today won’t just protect their data and reputation - they’ll also build resilience for long-term growth.
