Proton: SMB Cybersecurity Report 2026
This report from Proton surveyed business
leaders around the world to identify their principal cyber security issues. It
looks at the most common threats being faced, and provides solutions for
addressing each issue.
Businesses are trying to guard against breaches, but their efforts fail under real-world conditions.
To understand why, Proton asked 3,000 founders, executives, and IT leaders across three continents about their cybersecurity practices. The insights we gained will help you protect your business.
Attacks cost small businesses dearly
The small businesses that reported breaches last year were spending on their security, but their defenses failed. The attacks ended up costing them about as much money as they spent on protection. About 57% reported losses between $10,000 and $100,000.
Anxiety over data in the cloud
Almost all the SMBs (86%) we surveyed rely on business cloud storage providers like Google or Microsoft. But as many as 28% of that group say they don’t feel in control of how their data is handled, or aren’t sure. When your provider handles your encryption keys and collects your data, an attack on third-party companies can affect your business.
Taking steps in the right direction
Security wasn’t informal or ad hoc. Far from the cliché of the clueless small business, these SMBs had training programs, recurring audits, and tools in place before the breach. But security solutions become ineffective when they’re optional, unevenly enforced, or easy to bypass.
Training won’t catch every slip
In fact, 39% of businesses report experiencing a cybersecurity incident caused by human error. Strong security requires both training and secure business tools that enable security hygiene by default.
Investing in tools isn’t enough
Password sharing is a clear example. Even respondents that have a password manager on their tech stack still share credentials via email, messaging apps, shared documents, conversations, or in writing.
Not all the losses were financial
Once attackers got in, the consequences spread far beyond money. Cyberattacks disrupted operations, exposed data, and undermined trust. Damage looked different by country:
Read the report here: https://proton.me/business/smb-cybersecurity-report
Related Articles
Think Digital Identity and Cybersecurity for Government - BUILDING THE UK'S CYBER RESILIENCE
As the cyber threat landscape continues to worsen, cyber resilience is becoming increasingly important: technical defences alone are no longer enough to protect our businesses, public services, economy and society. UK policymakers are actively ...In the Spotlight: Imperial College London
Imperial College London has adopted a data-driven observability and security strategy with Splunk to improve visibility across its hybrid IT environment, accelerate incident response, and support a more resilient digital experience for students, ...Why cyber security must become a board-level priority - Matt Stanley and Jessica Figueras discuss cyber security, board responsibility and government resilience
Cyber security is no longer just an IT issue. It is a board-level responsibility. In this conversation, Matt Stanley sits down with Jessica Figueras to explore why cyber governance is still missing from many boardroom conversations and what needs to ...In the Spotlight: UK Home Office Electronic Travel Authorisation (ETA)
The UK Home Office has partnered with Entrust to deliver a digital Electronic Travel Authorisation (ETA) scheme, using biometric identity verification and mobile technology. Background The UK government is undertaking a transformation of its border ...In the Spotlight: Maidstone and Tunbridge Wells NHS Trust
Maidstone and Tunbridge Wells NHS Trust works with Northdoor and Microsoft to boost cross-county BI and reporting capabilities. Challenge During early 2020, Maidstone and Tunbridge Wells NHS Trust (MTW) and several other local healthcare ...