-

CrowdStrike Unveils State of SMB Cybersecurity Report: High Awareness, Lagging Protection

While 93% of SMBs are knowledgeable of cyber risk and 83% have plans in place, limited investments in advanced technologies leave organizations exposed

AUSTIN, Texas--(BUSINESS WIRE)--CrowdStrike (NASDAQ: CRWD) today released its 2025 State of SMB Cybersecurity Report, uncovering a widening gap between cybersecurity awareness and readiness among small and medium-sized businesses (SMBs). While 93% of SMBs consider themselves knowledgeable about cybersecurity risks and 83% report having a plan in place, just 36% are investing in new tools – and only 11% have adopted AI-powered defenses.

Based on insights from SMB decision-makers across industries and company sizes, the research reveals that despite rising awareness, most SMBs still lack the budget, tools and in-house expertise to stop modern threats. With attacks becoming more advanced and frequent, SMBs need protection that’s easy to use, affordable to deploy and built to scale with their business.

State of SMB Cybersecurity Report Highlights:

  • Smallest businesses are falling the furthest behind: Among SMBs with fewer than 50 employees, only 47% report having a security plan in place, and more than half allocate less than 1% of their annual budget to cybersecurity.
  • Cost concerns drive decisions – but not always the right ones: 67% of SMBs prioritize affordability when selecting a cybersecurity solution, yet just 57% say they prioritize protection against advanced threats, and only 6.5% believe their current cybersecurity budget is truly sufficient.
  • SMBs are overwhelmed by choice, under-supported on strategy: 50% of SMBs feel overwhelmed by the number of cybersecurity tools on the market, and nearly 70% rely on third-party guidance to inform buying decisions.
  • Ransomware remains a top threat – especially for the smallest teams: Among SMBs under 25 employees who experienced a cyber incident in the past year, 29% reported ransomware – compared to 19% among larger SMBs.
  • AI-driven Security Adoption Presents a Growth Opportunity: With only 11% of SMBs currently using AI-powered security, most are still early in their journey – highlighting a clear opportunity for growth-minded businesses to strengthen their protection with scalable, automated security that reduces operational costs and complexity.

“SMBs are increasingly aware of the cyber risks they face, but remain vulnerable to modern threats,” said Lisa Campbell, vice president of SMB at CrowdStrike. “Many know they need stronger protection but are held back by limited time, resources and expertise. They need solutions that are affordable and effective, without adding complexity – so they can turn awareness into action.”

CrowdStrike Falcon Go: Purpose-Built for SMBs

CrowdStrike is revolutionizing cybersecurity for small and medium-sized businesses with CrowdStrike Falcon® Go – delivering the protection they need to stop ransomware, prevent data breaches and defend against the threats traditional antivirus tools miss. With just a few clicks, SMBs can quickly deploy industry-leading, AI-powered security that’s purpose-built to be simple, effective and affordable. Falcon Go sets a new standard for SMB cybersecurity – bringing enterprise-grade protection to businesses of every size.

For more information on CrowdStrike’s 2025 State of SMB Cybersecurity Report and to learn about CrowdStrike’s unified platform approach, visit our website.

About CrowdStrike

CrowdStrike (NASDAQ: CRWD), a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyper-accurate detections, automated protection and remediation, elite threat hunting and prioritized observability of vulnerabilities.

Purpose-built in the cloud with a single lightweight-agent architecture, the Falcon platform delivers rapid and scalable deployment, superior protection and performance, reduced complexity and immediate time-to-value.

CrowdStrike: We stop breaches.

Learn more: https://www.crowdstrike.com/
Follow us: Blog | X | LinkedIn | Facebook | Instagram
Start a free trial today: https://www.crowdstrike.com/free-trial-guide/

© 2025 CrowdStrike, Inc. All rights reserved. CrowdStrike and CrowdStrike Falcon are marks owned by CrowdStrike, Inc. and are registered in the United States and other countries. CrowdStrike owns other trademarks and service marks and may use the brands of third parties to identify their products and services.

Contacts

Media Contact:
Jake Schuster
CrowdStrike Corporate Communications
press@crowdstrike.com

CrowdStrike

NASDAQ:CRWD

Release Versions

Contacts

Media Contact:
Jake Schuster
CrowdStrike Corporate Communications
press@crowdstrike.com

More News From CrowdStrike

CrowdStrike Named Frost & Sullivan’s 2026 Global Enabling Technology Leader in Zero Trust Browser Security

AUSTIN, Texas--(BUSINESS WIRE)--CrowdStrike (NASDAQ: CRWD) today announced it has been named Frost & Sullivan’s 2026 Global Enabling Technology Leader in Zero Trust Browser Security. The browser has become the operating environment for modern work, where employees access email, SaaS applications, collaboration tools, customer data, and AI services. All this activity makes the browser a high-value target for attackers – sitting between users, identities, applications, and sensitive enterpris...

CrowdStrike Named a Leader in the 2026 IDC MarketScape for Worldwide SIEM

AUSTIN, Texas--(BUSINESS WIRE)--CrowdStrike (NASDAQ: CRWD) today announced it has been named a Leader in the IDC MarketScape: Worldwide SIEM 2026 Vendor Assessment.1 We believe this recognition reflects how CrowdStrike Falcon® Next-Gen SIEM is transforming security operations at global scale, as organizations replace legacy SIEMs to build the agentic SOC on the CrowdStrike Falcon® platform. Legacy SIEMs were built for a threat environment that no longer exists. As AI-enabled adversaries attack...

CrowdStrike Advances AI and Cloud Security Operations on AWS

AUSTIN, Texas & NEW YORK--(BUSINESS WIRE)--AWS Summit New York -- CrowdStrike (NASDAQ: CRWD), in collaboration with Amazon Web Services (AWS), today announced new AI, cloud, and Next-Gen SIEM innovations that help organizations securely build, deploy, and operate AI applications and cloud workloads on AWS. CrowdStrike is expanding CrowdStrike Falcon® AI Detection and Response (AIDR) capabilities on AWS, helping organizations identify and mitigate AI runtime risks across AI applications built wi...
Back to Newsroom