While 80% of SMBs believe the need for cybersecurity in their industries has increased during the past year, more than half (52%) still rely on an untrained internal staff member or the business owners themselves to manage critical security, according to a new report published by cybersecurity platform provider Guardz. Indeed, while almost half (43%) of all U.S.-based SMBs have already experienced a cyber attack, and 61% anticipate greater overall cyber risks in the year to come, at least half functions without support from professionals, tech advisors or MSPs. Guardz survey suggests this may change in 2026.
For starters, 80% of SMBs with a formal incident response plan in place were able to avoid major damage during an attack, highlighting the need for support from MSPs, argued Guardz executives.
”This research confirms that businesses increasingly recognize the value of experienced service partners,” said Dor Eisner, CEO and co-founder of Guardz. “Those that try to manage risk on their own lack the expertise, resources and tools needed to stay resilient. The data shows that organizations with strong preparation, grounded in clear processes and trusted partners, are far better positioned to avoid disruption and maintain continuity.”
Only 34% of SMB owners have a formal incident response or continuity plan developed with a cybersecurity professional, and 27% lack cyber insurance altogether. In one-third (33%) of cases, the business owner personally handles alerts and incident resolution, which is both time-consuming and outside their expertise, leaving room for missteps and oversights. An additional 13% of SMBs rely on untrained employees to handle alerts, reinforcing the operational fragmentation identified in the report.
As threats mount, however, SMBs are increasingly looking to external partners for help. According to the survey, the leading motivations for working with a MSP are a fear of cyberattacks (52%) and a sense of responsibility to customers and stakeholders (40%). While other factors were reported, compliance requirements, reduced cyber insurance premiums, and a growing need for specialized expertise stood out as the primary drivers, said Guardz researchers.
