New Report IDs Crack in Business Cybersecurity Armor

Back in 2023, thanks to the cybersecurity capabilities it had in place, a New York law firm reportedly detected an attempted cyberattack orchestrated via email and successfully defused the intrusion before it escalated into a serious, full-blown incident.

Fast-forward to the spring of 2025, when a Luxembourg-based healthcare foundation said it detected suspicious activity in one of its email accounts and soon confirmed it was the target of a malicious cyberattack. The threat was quickly contained before any data was compromised.

For a small or midsize business, the difference between an attempted cyberattack and an actual cyberattack can mean everything. Unfortunately, we’re much more likely to hear about the latter, not just because cyberattacks on small businesses have become more frequent but because they pose an existential threat to their victims, whose finances and reputation can be irreparably damaged by a breach. Recent headlines are full of cautionary tales about well-established companies — a fast-rising genetic testing business, for example, and a 40-year-old radiology practice — that entered bankruptcy or suspended operations following a cyberattack.

A recently released report from Kinetic Business underscores the challenges small businesses face in trying to protect themselves from cyberattack. Based on a survey of more than 300 business owners, directors, and managers, the 2025 Small and Medium-Sized Business (SMB) Technology Report (available for free download here) reveals a troubling disconnect in which many SMB leaders acknowledge they need to invest more in cybersecurity measures to protect their organization from the escalating threat of cyberattack, yet they lack the financial wherewithal to do so. We found, for example, that a majority (59%) of respondents recognize their organization needs to improve cybersecurity. However, slightly less than half (49%) said their organizations intend to actually invest in cybersecurity technology this year. What’s more, 52% said they lack training and technical expertise to manage a cybersecurity threat.

Considering the budget constraints and limited in-house technical expertise many SMBs face, alongside the significant threat of cyberattacks, how can leaders develop a balanced cybersecurity strategy? The following seven steps provide a good starting point:

6. Be proactive rather than tempt fate. In a recent report, Mastercard found that almost half — 46% — of the more than 5,000 small and medium-sized business owners it surveyed had experienced a cyberattack on their business, and nearly one in five of those victims then filed for bankruptcy or closed their business. The stakes are too high for a small business to take a passive cybersecurity stance. The good news is that basic defenses like an integrated firewall are simple and cost-effective to implement. In fact, some business internet services include built-in protection from common threats like viruses, phishing attacks, malware and ransomware – killing two birds with one stone to achieve secure connectivity.
7. Take a layered approach. Because cyberattacks can come from multiple angles, the best defense involves multiple layers of protection. From an endpoint security solution to protect against malware attacks to multifactor authentication (MFA) to prevent phishing attacks to ZTNA (zero-trust network access) to protect the perimeter of a network when employees are working remotely, those additional layers can be implemented for a reasonable cost.
8. Cultivate a security culture inside your organization. As much as a small company stands to lose if it’s the victim of an attack, cybersecurity must be an intrinsic part of overall company culture rather than an afterthought. That means developing and socializing explicit organizational security policies, procedures and capabilities, along with a plan that includes regularly testing your backup and recovery systems, and that details how security incidents will be handled if they do occur. It also means providing training, so employees understand those policies and procedures and know how to use the capabilities at hand, then closely monitoring people to ensure they’re actually doing so. Organizational decision-makers also need to keep security top of mind when they’re contemplating new tech investments, factoring in any new risks and exposures these technologies could introduce, and how your organization will address them.
9. Regularly audit and update your security measures. The aforementioned New York law firm, which happens to have a practice area dedicated to data security and technology, said it put in place additional security measures after thwarting the attempted attack in 2023. It increased the use of MFA, strengthened employee training, and increased test phishing emails to identify gaps in employee training. These are all healthy habits that SMBs should adopt as they build out their updated cybersecurity strategy.
10. Invest in security solutions that make sense for today and tomorrow. The cyber defenses you put in place should grow and scale with your business, readily integrate with your tech infrastructure, and safeguard all the surfaces that need defending.
11. Protect against third-party cyberattacks by making sure your business ecosystem (suppliers, service providers, partners, etc.) have strong defense measures in place. Breaches and outages that originated with third parties accounted for 31% of cyber-related insurance claims, according to figures cited by Dark Reading. When it comes to cybersecurity, not only do you have to take care of your own house, you also must ensure the organizations with which you do business also have strong enough measures in place to protect against third-party threats. It takes a village — and cooperation and collaboration within that village.
12. Tap into outside cybersecurity expertise. As a small business, it’s important to know your limitations. If you lack the capabilities internally to ensure your business is protected, consider finding a third-party technology partner to manage cybersecurity on your behalf. Be sure that service provider has a strong track record of protecting businesses like yours, that they’re qualified (with NIST or ISA certification, for example), transparent about cost and deliverables, and that they’re willing and able to provide a team in the local area for in-person, on-site support when it’s needed. In some cases, your local business internet provider may fit that profile.

Whatever steps your organization ultimately chooses to prioritize in its cybersecurity strategy, the goal is the same: to keep attempted attacks on your business from turning into actual attacks.

The Kinetic Business 2025 Small and Medium-Sized Business Technology Report is available for free download here. To learn more about Kinetic Business internet and security solutions, visit KineticBusiness.com.

Author: Art Nichols is Chief Technology Officer at Kinetic Business, which provides reliable fiber-based broadband to consumers and small to medium-sized businesses. https://business.windstream.com/