Montreal-based developer Devolutions released a report titled, “The State of Cybersecurity in SMBs in 2021-2022,” which features stats and trends from Devolutions’ second annual cybersecurity survey. Also included in the report is a list of specific recommendations designed to help SMBs address the gaps, vulnerabilities, and concerns uncovered in the survey.

The consequences of a breach have never been more severe, with global cybercrime collectively totaling $16.4 billion USD each day. A recent study by IBM revealed that organizations with fewer than 500 employees had an average data breach cost of $2.98 million USD per incident in 2021. As has been reported, approximately 60% of small and mid-sized businesses (SMBs) go out of business within six months of getting hacked. Smaller companies are not exempt from cyberattacks; in fact, it’s quite the opposite. Yet many of the tools and resources that larger companies have at their disposal to protect them from cyberattacks are not befitting for smaller companies. There is a gap in the market.

To help SMBs grasp the scope of the current cyberthreat landscape – and assist them in making decisions that reduce the likelihood and severity of cyberattacks – Devolutions this year polled 440 IT professionals and decision-makers at companies that self-identified as SMBs. Respondents included IT professionals across the globe – with the majority in North America and Europe – encompassing a variety of industries. The detailed questionnaire covered topics such as cyberattacks, cybersecurity training, cybersecurity investments, and the roles that privileged access management (PAM) and password management play in relation to cybersecurity.

While the pandemic forced many SMBs to scale back their operations, cyberattacks actually increased throughout 2020 and 2021 for small and midsize businesses. Remote workers, in particular, have been especially vulnerable to cyber threats since they reside outside of the corporate network environment. And with a large percentage of the workforce still working from home, this extends the threat surface and increases the likelihood of an attack.

Among some notable stats from the Devolutions cybersecurity survey:

  • 72% are more concerned about cybersecurity now than compared a year ago.
  • 52% have experienced a cyberattack in the last year – and 10% have experienced more than 10 cyberattacks.
  • 40% do not have a comprehensive and up-to-date cybersecurity incident response plan.
  • Only 13% have a fully deployed PAM solution in place.

It’s not all bad news, however. A few stats from the survey that reflects the cybersecurity progress being made by SMBs:

  • 92% have a process in place to revoke account access for ex-employees.
  • 74% are providing their workforce with cybersecurity training.
  • 71% are using a password manager to store passwords.

Managed services providers (MSPs) can play a vital role for SMBs when it comes to cybersecurity support. Since many SMBs don’t have the resources to hire several in-house IT / cybersecurity professionals, MSPs can shoulder a lot of that load, providing services to help reduce risk, enable growth opportunities, and support end-users and customers alike.

For more information about Devolutions and their solutions, please visit