International Cyber Expo International Cyber Expo
  • About Us
Tuesday, 14 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

SMBs Struggle to Translate Cybersecurity Investment into Real-World Resilience, Study Finds

by Guru Writer
February 26, 2026
in Featured
Data Breach Cyber attack code
Share on FacebookShare on Twitter

Small and medium-sized businesses (SMBs) continue to face significant cyber risk despite growing investment in cybersecurity tools and training, according to new research from privacy company Proton AG.

The company’s SMB Cybersecurity Report 2026, based on a survey of 3,000 business leaders across six global markets, including the UK, found that one in four SMBs experienced a cyberattack or data breach in the past year, highlighting what researchers describe as a widening gap between cybersecurity spending and real-world resilience.

The findings suggest that while awareness of cyber threats among smaller organisations has improved markedly, operational security practices and human behaviour remain persistent weak points.

Human error continues to undermine defences

According to the report, 92% of SMBs have implemented some form of cybersecurity or privacy protection, yet incidents continue to occur due largely to preventable issues such as password sharing, inconsistent policy enforcement, and varying levels of employee technical expertise.

Nearly 39% of cybersecurity incidents were linked to human error, reinforcing long-standing industry concerns that technology investment alone cannot mitigate organisational risk.

Unsafe credential practices remain widespread even among companies using password managers. The research found that employees frequently continue to share passwords via email, shared documents and messaging platforms, while more than one in five respondents admitted credentials are still written down offline.

Patricia Egger, Head of Security at Proton, said the findings challenge assumptions that smaller organisations neglect cybersecurity investment.

“The vast majority of small businesses invest in tools and training. The challenge is ensuring security works consistently in real-world environments involving employees, partners and third-party providers,” she said.

Financial and operational impact remains significant

Among businesses that experienced a breach, the consequences extended beyond immediate technical disruption. Respondents reported operational downtime, legal and remediation costs, data loss and reputational damage following incidents. A majority of breached SMBs reported financial losses ranging from £7,500 to £75,000, with some incidents exceeding annual cybersecurity budgets, a level of impact that can pose an existential threat to smaller firms.

Despite these risks, preparedness appears relatively high on paper. The study found that 74% of UK SMBs conducted a formal cyber risk assessment within the past year, suggesting that governance measures are improving even as attacks persist.

AI adoption introduces new uncertainty

The report also highlights emerging security concerns linked to the rapid adoption of artificial intelligence tools. While 69% of businesses reported using AI platforms, many respondents expressed uncertainty over how corporate data is collected, stored or potentially used by AI providers. Around 30% said they do not fully trust AI companies to protect proprietary business information. Researchers warn that this transparency gap may introduce new data exposure risks as AI becomes embedded in everyday business workflows.

Security is becoming a competitive differentiator

Beyond risk mitigation, the study indicates that cybersecurity is increasingly influencing commercial decision-making. Two-thirds of SMBs said strong data protection practices are now critical to winning new business, while three-quarters promote secure file sharing as a competitive advantage during procurement processes.

Raphael Auphan, COO at Proton, said cybersecurity is evolving from a technical function into a business growth factor.

“Cybersecurity is no longer just an IT expense for small and medium-sized businesses. It is directly tied to revenue, reputation and long-term growth,” he said.

The report concludes that closing the gap between perceived preparedness and operational resilience will require organisations to move beyond tool deployment and embed secure behaviours into daily operations.

ShareTweet
Previous Post

Forescout Launches VistaroAI™ to Help Security Teams Cut Through AI Hype and Act Faster on Real Threats

Next Post

AI-Driven Development Fuels Surge in Open Source Vulnerabilities, Black Duck Finds

Recent News

Q&A: Cyber’s Headed Back to the CSIDES

Q&A: Cyber’s Headed Back to the CSIDES

July 13, 2026

UK Cyber Attacks Climb 34% as Ransomware Leadership Shifts, Check Point Research Reveals

July 13, 2026
Cyber Shield

UK Government Unveils AI Powered Cyber Shield to Strengthen National Cyber Defense

July 10, 2026
KnowBe4 phishing by industry

Healthcare, Hospitality and Construction Named UK’s Most Phishing-Prone Industries

July 10, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol