No one has less cash on hand to spend on dealing with a cyberattack than the small business. New data shows ransomware is a challenge for SMBs and they aren’t prepared for the costs.

No other malware type has evolved as much over the last 12 months as ransomware. The sheer number of attacks, the improvements in sophistication and efficacy are unmatched, and the ransoms are only getting larger.

But most still think this is an enterprise problem; nothing could be farther from the truth. In Datto’s Global State of the Channel Ransomware Report, we find that the SMB is just as much a target of opportunity as the enterprise. And in many cases, despite it being impactful to the business, SMB’s simply aren’t aware of the danger.

According to the report:

  • 70% of MSPs report ransomware as the most common malware threat to SMBs
  • Only 30% report that their clients feel ‘very concerned’ about ransomware
  • 62% of MSPs said clients’ productivity was impacted due to attacks
  • 39% said their clients experienced business-threatening downtime

What’s interesting is how the costs of ransomware has fluctuated over time. While the average reported ransom stayed largely flat – $5,900 in 2020 versus $5,600 in 2019 – the average ransom is 50 times higher – $274K!!!

According to Datto, the leading cause of ransomware attacks is successful phishing email attacks. This means that despite most SMBs having security solutions in place (e.g., 59% have anti-malware filtering solutions implemented), it’s not enough. MSPs need to add Security Awareness Training to their security solution offering to improve their client’s security stance by incorporating the user as part of the security strategy.

From the looks of things, the SMB needs to step up their game and MSPs need to lead the way; Security Awareness Training is the answer to improve their client’s security posture.