SMB Security Survey Reveals High Awareness, Lagging Protection

The CrowdStrike State of SMB Cybersecurity Survey

The CrowdStrike State of SMB Cybersecurity Survey reveals how small and medium-sized businesses are navigating today’s evolving threat landscape.

In today’s digital-first world, cybersecurity isn’t just an IT issue — it’s a business imperative. And while small businesses may run lean, they carry the same responsibility as large enterprises when it comes to securing data, operations, and reputation. 

Adversaries don’t always target by size. They target opportunity wherever it exists. In many SMBs, that opportunity to attack stems from under-resourced teams, outdated tools, and a false sense of security. As threats evolve in speed and complexity, small businesses must evolve too, adopting security strategies that are proactive, intelligent, and built to respond in real time.

To understand where SMBs are making progress, and where they still need help, CrowdStrike commissioned a survey of small businesses across industries. The findings show clear momentum in SMB security, but they also reveal critical gaps in execution, investment, and readiness. The message is clear: The need for stronger security is urgent, and SMBs can’t afford to wait.

The State of SMB Cybersecurity

The CrowdStrike State of SMB Cybersecurity Survey reveals how small businesses are navigating today’s evolving threat landscape and where critical security gaps remain.

This disconnect is especially evident when comparing strategy to outcomes. While 94% of SMB leaders consider themselves “somewhat” or “very” knowledgeable about cyber threats, many remain exposed. Fewer than half provide regular employee training, and just 11% have adopted AI-powered security tools. 

This gap between awareness and action leaves SMBs vulnerable to phishing, credential theft, and fast-moving attacks. With an average eCrime adversary breakout time of just 48 minutes in 2024, reacting after an incident is no longer enough. Resilience demands a proactive approach that keeps pace with evolving threats and fits within the realities of limited IT resources.

Even with a plan in place, protection isn’t guaranteed. While 83% of SMBs report having a cybersecurity strategy, those with plans were just as likely to suffer a breach as those without one. In some cases, these plans may be outdated, incomplete, or not fully executed, potentially creating a false sense of security. Ransomware, identity-based attacks, and phishing campaigns can exploit these gaps — especially among the smallest businesses. Twenty-nine percent of SMBs with fewer than 25 employees were hit by ransomware, and 75% of that group say a major attack could shut them down entirely.

Limited budgets compound the problem. Only 7% of SMBs say their budget is sufficient, and most rely on general IT staff or outsourced providers. Because of this, their security tools must be easy to deploy and manage, and effective out-of-the-box. But too often, cost is prioritized over capability — leaving SMBs vulnerable to the threats they’re trying to prevent. To stay secure and competitive, small businesses need solutions that simplify security, grow with their business, and help turn awareness into action.

How CrowdStrike Protects Small Businesses

To close the gap between awareness and protection, SMBs require cybersecurity solutions that are built for speed, simplicity, and real-world effectiveness. Those solutions should proactively stop threats before they cause harm, without overwhelming SMBs’ limited IT resources.

CrowdStrike’s endpoint security delivers cutting-edge protection through a lightweight agent and cloud-native platform, combining AI-driven threat detection with rapid deployment and seamless integration. Designed to simplify security operations, it empowers SMBs to stay ahead of attacks without slowing down their teams or overwhelming their resources.

For smaller businesses, CrowdStrike Falcon® Go is an easy-to-use, out-of-the-box endpoint bundle for users across all security expertise levels, providing next-gen antivirus and device control, all within a simplified UI. CrowdStrike Falcon® Enterprise is another bundle option for SMBs, with additional capabilities such as firewall protection, threat hunting, and endpoint detection and response. This is a strong option for those seeking additional protection or needing to meet specific business and operational requirements.

For SMBs looking for fully managed protection, CrowdStrike Falcon® Complete Next-Gen MDR provides 24/7 expert management and monitoring of the CrowdStrike Falcon® platform, eliminating threats before they impact business operations. This managed service ensures that SMBs stay protected, even without in-house cybersecurity expertise. 

And it’s working. SMBs across industries are already seeing the impact of CrowdStrike’s modern approach to cybersecurity, with faster detection, simplified operations, and greater peace of mind. Below are some of their insights: 

• “What surprised us about CrowdStrike was not just that we had a best-in-class solution. It also saved us money, especially for endpoint protection. Greater efficiencies improved cost savings, and we significantly improved the ability to monitor and protect our environment.” – Don Thorstenson, IT Manager at BPG Designs
• “While the previous vendor claims to be MDR, they simply alert us if they detect a threat and guide us on the remediation. In contrast, Falcon Complete will try to remediate the threat before escalating it. From a cost and feature perspective, it was a no-brainer to consolidate our MDR with Falcon Complete and add [our subsidiary] VCI’s assets to it.” – Kevin Tsuei, SVP Information Security Officer, Commercial Bank of California
• “We've been using CrowdStrike for several years now and I'm very happy with the service and sleep much better knowing that our environment is being monitored 24 hours a day.” – Rieth-Riley Construction Co., Inc.¹

With CrowdStrike, small businesses can defend against modern threats, reduce risk, and operate with the confidence that their people, their customers, and their futures are protected — without needing an enterprise-sized team or budget. Now is the time to move from reactive to resilient.

Additional Resources

• Read the entire CrowdStrike State of SMB Cybersecurity Survey report to understand more about how SMBs are navigating today’s fast-moving threat landscape.
• Read the Cybersecurity Survival Guide for Small and Medium Businesses to learn more about the landscape of modern cyberattacks and get actionable next steps to safeguard your small business.
• Take our small and medium business cybersecurity recommendation assessment to discover which solution is best for securing your business.
• Sign up for a 15-day free trial and explore our most popular solutions for your small business.

One Year of Falcon Go: Transforming Cybersecurity for Small Businesses

How CrowdStrike and key partnerships are simplifying cyber protection and strengthening resilience for SMBs

Small business owners are wearing more hats than ever before. Along with managing operations, sales, innovation, customer satisfaction and more, they must also stay on top of trends that can affect their business trajectory — including cybersecurity and the ever-evolving range of cyber threats.

Managing cybersecurity can create unnecessary complexity, especially for a small business. Business owners may choose to forgo cybersecurity measures or buy legacy antivirus tools built for consumers, putting them at risk. Some accumulate a patchwork of tools that all offer small pieces of the full cybersecurity picture but provide only fragmented coverage and piecemeal data about risk and exposure. And small businesses may have lean budgets for products and limited technical expertise to manage security operations. All of these challenges can complicate the already delicate balance needed to own and manage a successful small business. 

Recognizing these challenges, CrowdStrike announced CrowdStrike Falcon® Go in November 2023. Falcon Go brings together next-generation antivirus and device control with support to provide small businesses with manageable and affordable cyber protection through an easy-to-install, easy-to-use UI. With Falcon Go, CrowdStrike gives small businesses enterprise-quality cybersecurity, protecting their business and customer data from attacks that could be detrimental to the future of their business.

And now, one year in, CrowdStrike is fortunate to have identified strong partners with whom to partner to address these same challenges. With our strong partnerships and available CrowdStrike’s integrations and solutions, we are fully committed to meeting the needs of SMBs. 

National Australia Bank

National Australia Bank (NAB), one of Australia’s largest banks, is committed to enhancing financial and operational resilience by prioritizing customer and staff protection through cybersecurity. In line with this goal, NAB partnered with CrowdStrike earlier this year to offer its small and medium-sized business (SMB) customers in Australia a free year of Falcon Go, helping them strengthen their defenses against cyber threats such as ransomware and data breaches. This partnership reflects NAB's broader mission to build cyber resilience not only for its customers but for the wider Australian community.

SMB customers are already benefiting from NAB's cybersecurity initiatives. Finance Lane, a small mortgage broker, quickly took advantage of NAB’s offer, finding the Falcon Go solution addressed its cybersecurity needs without requiring extensive expertise. In a recent case study, owner Cristian Tihon emphasized that data security is essential to their business, as clients expect robust protection. With the Falcon Go solution installed in just 15 minutes, Finance Lane significantly bolstered its defenses against cyber threats. This initiative is one of many by NAB to help SMBs prevent cyberattacks that could disrupt their operations.

1Password

In order to provide the simplicity business customers are looking for, CrowdStrike and 1Password recently announced a strategic partnership to simplify security for small businesses. 1Password customers can now purchase 1Password Extended Access Management (XAM) and Falcon Go together to get comprehensive security coverage that is easy to deploy and manage at an affordable cost. Through this integrated solution, small businesses can ensure robust protection against cyber threats without the complexity or cost of managing disparate tools, allowing them to focus on growing their business without worrying about ransomware, shadow IT, insecure devices and more. 

This new partnership is the next step in 1Password and CrowdStrike’s joint journey to bring integrated security solutions to business customers, and it builds on deepening integrations between respective products. In addition to checking if CrowdStrike is installed and running, 1Password XAM will now be able to check the CrowdStrike Falcon® Zero Trust Assessment (ZTA) score to determine if a device can access company apps and resources. Earlier this year, 1Password and CrowdStrike announced a new integration with CrowdStrike Falcon® Next-Gen SIEM, consolidating security events and information in one place for monitoring, streamlined reporting and critical threat intelligence for 1Password Business customers. 

Intel

CrowdStrike aligns with manufacturers to bring cybersecurity to SMB hardware. Intel manufactures industry-leading hardware in the form of AI-ready Core Processors. When collaborating with OEM partners via Intel’s Software Advantage Program, Intel enabled an AI PC software bundle led by CrowdStrike that small business customers can easily enable when they open their device. This bundle features one free year of Falcon Go, which is run on the same AI-powered Falcon agent as CrowdStrike’s enterprise-grade modules. This provides a built-in level of free cybersecurity for SMBs that purchase a device with an Intel chip at its core.

Why is this important for SMBs? Cybersecurity and AI are two massive components of an enterprise strategy. Intel and CrowdStrike believe SMBs should have built-in access to both, without an enterprise price tag. Intel manufactures chips with built-in AI compatibility to super-power all business tools and applications, no matter the size or scale. CrowdStrike's Falcon platform is powered by AI, so even as an SMB with one PC, you're protected by enterprise-grade technology.

Dell

Looking from another integration angle, CrowdStrike and Dell have been working together to keep SMB PC fleets secure and healthy. Dell Services uses the Falcon sensor/agent with next-gen AV and device control to keep SMBs safe from known and unknown malware. 

Dell’s recently launched APEX Managed Device Service delivers advanced security tailored for SMBs, empowering them to stay ahead of evolving cyber threats. This service provides comprehensive protection through cloud-based encryption management, helping safeguard data even if devices are lost or stolen. System firmware protection and next-generation antivirus continuously monitor, detect and mitigate potential vulnerabilities. Additionally, Dell takes charge of timely OS, BIOS and firmware updates, helping prevent unauthorized security changes and optimizing device performance. 

With continuous real-time monitoring and system optimization, Dell enables businesses to focus on growth, with the confidence that their devices are more secure, managed and performing at their best. In partnership with CrowdStrike, Dell extends its reach to more SMBs by integrating robust software and hardware security solutions.

It’s been an exciting year bringing Falcon Go to small business customers through our strategic business and technology partnerships, and focusing on ensuring SMBs are getting the best cyber protection — no matter where they are in their business journey. We look forward to continued expansion of our SMB offerings, expanding our partnership opportunities and working with others to scale cyber protection to more SMBs across the globe. 

Together we are working with our partners to improve cyber resilience across the SMB segment.