Proton: SMB Cybersecurity Report 2026
This report from Proton surveyed business
leaders around the world to identify their principal cyber security issues. It
looks at the most common threats being faced, and provides solutions for
addressing each issue.
Businesses are trying to guard against breaches, but their efforts fail under real-world conditions.
To understand why, Proton asked 3,000 founders, executives, and IT leaders across three continents about their cybersecurity practices. The insights we gained will help you protect your business.
Attacks cost small businesses dearly
The small businesses that reported breaches last year were spending on their security, but their defenses failed. The attacks ended up costing them about as much money as they spent on protection. About 57% reported losses between $10,000 and $100,000.
Anxiety over data in the cloud
Almost all the SMBs (86%) we surveyed rely on business cloud storage providers like Google or Microsoft. But as many as 28% of that group say they don’t feel in control of how their data is handled, or aren’t sure. When your provider handles your encryption keys and collects your data, an attack on third-party companies can affect your business.
Taking steps in the right direction
Security wasn’t informal or ad hoc. Far from the cliché of the clueless small business, these SMBs had training programs, recurring audits, and tools in place before the breach. But security solutions become ineffective when they’re optional, unevenly enforced, or easy to bypass.
Training won’t catch every slip
In fact, 39% of businesses report experiencing a cybersecurity incident caused by human error. Strong security requires both training and secure business tools that enable security hygiene by default.
Investing in tools isn’t enough
Password sharing is a clear example. Even respondents that have a password manager on their tech stack still share credentials via email, messaging apps, shared documents, conversations, or in writing.
Not all the losses were financial
Once attackers got in, the consequences spread far beyond money. Cyberattacks disrupted operations, exposed data, and undermined trust. Damage looked different by country:
Read the report here: https://proton.me/business/smb-cybersecurity-report
Related Articles
Think Digital Identity and Cybersecurity for Government - BUILDING THE UK'S CYBER RESILIENCE
As the cyber threat landscape continues to worsen, cyber resilience is becoming increasingly important: technical defences alone are no longer enough to protect our businesses, public services, economy and society. UK policymakers are actively ...In the Spotlight: Maidstone and Tunbridge Wells NHS Trust
Maidstone and Tunbridge Wells NHS Trust works with Northdoor and Microsoft to boost cross-county BI and reporting capabilities. Challenge During early 2020, Maidstone and Tunbridge Wells NHS Trust (MTW) and several other local healthcare ...Reimagining the future of public sector productivity
This Economist Impact report, sponsored by SAS, examines the opportunities and obstacles of public sector productivity reform. Unlocking productivity: Digital and cultural transformation must work together. Governments are realizing significant gains ...In the Spotlight: South West London Integrated Care Board
A security health check from BT’s Security Advisory Services helped the South West London Integrated Care Board to better understand its cybersecurity posture, bring in key health requirements, and identify its strengths and weaknesses. In May 2023, ...Data and AI Present Significant Opportunities for Social Benefits Systems - presented by SAS
In today's rapidly evolving world, social benefits agencies, across the globe, face unprecedented challenges and opportunities. This report, authored by the International Institute for Analytics together with SAS experts, delves into how data and AI ...