
The 2025 Verizon Data Breach Investigations Report (DBIR) highlights a significant shift in the threat landscape, revealing that small and medium-sized businesses (SMBs) have emerged as prime targets for ransomware attacks.
While large enterprises still face substantial risk, the data indicates that ransomware now overwhelmingly affects smaller organizations.
According to the report, 88% of all malware-related breaches in SMBs involved ransomware, compared to only 39% among larger firms.
This growing disparity is driven by several factors, including weaker cybersecurity defences, limited resources, and a perceived lack of preparedness within smaller organizations.
Tailored Attacks and Escalating Impact
Ransomware groups, often backed by organized crime, have refined their attack methods and now tailor their ransom demands based on the size and assumed financial capacity of each victim.
Rather than relying on the resale of stolen data in underground markets, attackers now focus on extortion by encrypting critical systems and demanding payment in exchange for decryption keys. This trend has made SMBs particularly vulnerable, as they often lack robust backup systems and incident response plans.
In 2024 alone, over 3,049 security incidents targeted small organizations, with 2,842 of those resulting in confirmed data breaches. By contrast, large organizations experienced 982 incidents, underscoring the volume and intensity of attacks faced by smaller businesses.
Ransom Demands Drop, But Threat Grows
The DBIR notes a significant increase in ransomware’s presence across all data breaches, rising to 44% in 2024 from 32% the previous year. However, the median ransom payment dropped to $115,000, down from $150,000 in 2023.
This decline is partly attributed to more victims refusing to pay ransoms and improved guidance from law enforcement and cybersecurity advisors. Still, the threat remains severe, particularly for organizations without dedicated cybersecurity teams.
The misconception that small businesses are not lucrative targets has proven dangerously inaccurate. Threat actors view SMBs as easy opportunities, and breaches have affected companies with as few as 20 employees, resulting in data losses impacting millions of records.
Financially Motivated Actors Lead the Charge
Financial motives dominate these attacks, with 98% of ransomware breaches against SMBs traced back to financially motivated external actors.
These groups continue to evolve their tactics and exploit common vulnerabilities, such as unpatched systems and weak access controls. The findings challenge the outdated belief that cybercriminals focus solely on large corporations.
The reality is that small businesses now represent a more attractive and accessible target for ransomware operators due to their limited defences and high dependence on digital infrastructure.
Conclusion
In short, organizations of all sizes need to reassess their cybersecurity posture.
Investing in security awareness, data backups, and multi-factor authentication can significantly reduce the likelihood and impact of a ransomware breach.
The increasing frequency of these attacks against SMBs demonstrates that no business is too small to be targeted. Preparedness, not size, determines resilience in today’s cybersecurity environment.