Why SMBs Must Make Ransomware a Bad Business Deal

By Kevin O’Connor, Director of Threat Research at N-able

As AI hyperscalers partner with other companies to expedite AI innovation, the speed and sophistication of cyberattacks continue to grow. The proliferation of AI is contributing to extremely effective phishing attacks, which are causing substantial financial loss for companies. To make matters worse, threat actors improve the effectiveness of these phishing attacks by targeting companies’ weakest point: human error.

When phishing attacks transition to ransomware, small- to medium-sized businesses (SMBs) can bear the brunt of the consequences. In fact, 88% of SMB breaches involve ransomware or data extortion. This is often because ransom demands are set just under cyber insurance deductibles. Because SMBs keep cutting costs where their resources are already limited, their payment behavior becomes predictable and they turn into “repeat customers.” Criminals understand this SMB payment behavior and exploit it.

In the current threat landscape, the economics favor attackers. Now is the opportunity to change that narrative and make ransomware less profitable and less attractive as a tactic.

Why SMBs Are in the Crosshairs

According to N-able’s Annual Threat Report, SMBs have seen a significant increase in attacks in the past year: a 273x increase in threat instances from June 2024 to June 2025, recorded as SMBs increasingly invested in security tools to monitor their environments and mitigate risk. The high return on investment and minimal effort associated with attacking SMBs continue to make them an attractive target. Rather than tailoring tactics for a single multimillion-dollar enterprise hit, bad actors can reap the rewards of dozens of $50K ransoms.

Breaking the Cycle: Beat the Business Model

To beat cybercriminals at their own game, SMBs can shore up their defenses without overextending their already limited resources. Several defenses reduce both downtime and data leakage. For example, SMBs can implement phishing-resistant MFA. This form of MFA usually requires a physical device and proof of user presence, and the credential is bound to the legitimate site, which makes it a strong countermeasure against phishing. Hardened remote access and prompt patching of open vulnerabilities are also good countermeasures, as they raise the effort an attacker must invest.
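The following is an added illustration, not code from the article or from N-able, of why phishing-resistant MFA in the FIDO2/WebAuthn style defeats a look-alike login page: the browser, not the user, records the page origin and derives the relying-party id from it, the security key only answers for the id it was enrolled under, and the server checks origin, rpIdHash, the user-presence flag and a one-time challenge before trusting the signature. The relying-party id `bank.example`, the phishing host and all keys are constructed values; an HMAC over a shared secret stands in for the authenticator’s asymmetric signature, and the rp id is taken as the full page host (real browsers also accept registrable suffixes).

```python
"""Toy WebAuthn-style origin binding (added example; HMAC stands in for a real signature)."""
import hashlib
import hmac
import json
import secrets
from urllib.parse import urlparse

RP_ID = "bank.example"              # constructed relying-party id
RP_ORIGIN = "https://bank.example"  # origin the server expects to see in clientDataJSON


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


class Authenticator:
    """Model of a hardware key: each credential is scoped to the rp_id it was created for."""

    def __init__(self) -> None:
        self._creds: dict[bytes, tuple[str, bytes]] = {}

    def register(self, rp_id: str) -> tuple[bytes, bytes]:
        cred_id, key = secrets.token_bytes(16), secrets.token_bytes(32)
        self._creds[cred_id] = (rp_id, key)
        return cred_id, key  # a real key would hand back a public key instead

    def get_assertion(self, cred_id: bytes, rp_id: str, client_data_hash: bytes):
        stored_rp_id, key = self._creds[cred_id]
        if stored_rp_id != rp_id:  # credential does not exist for this site: no response
            return None
        # authenticatorData = rpIdHash || flags; 0x05 sets user presence and user verification
        auth_data = sha256(rp_id.encode()) + b"\x05"
        sig = hmac.new(key, auth_data + client_data_hash, hashlib.sha256).digest()
        return auth_data, sig


class Browser:
    """The browser fills in the origin itself and derives rp_id from the page host."""

    def __init__(self, authenticator: Authenticator) -> None:
        self.authenticator = authenticator

    def sign_in(self, page_origin: str, challenge: str, cred_id: bytes):
        rp_id = urlparse(page_origin).hostname
        client_data = json.dumps(
            {"type": "webauthn.get", "challenge": challenge, "origin": page_origin},
            separators=(",", ":"), sort_keys=True,
        ).encode()
        result = self.authenticator.get_assertion(cred_id, rp_id, sha256(client_data))
        if result is None:
            return None
        auth_data, sig = result
        return {"client_data": client_data, "auth_data": auth_data, "sig": sig}


class Server:
    """Relying party: enrolls credentials and verifies assertions."""

    def __init__(self) -> None:
        self._keys: dict[bytes, bytes] = {}
        self._pending: set[str] = set()

    def enroll(self, authenticator: Authenticator) -> bytes:
        cred_id, key = authenticator.register(RP_ID)
        self._keys[cred_id] = key
        return cred_id

    def issue_challenge(self) -> str:
        challenge = secrets.token_urlsafe(32)
        self._pending.add(challenge)
        return challenge

    def verify(self, cred_id: bytes, assertion) -> bool:
        if assertion is None:
            return False
        client = json.loads(assertion["client_data"])
        if client.get("type") != "webauthn.get" or client.get("challenge") not in self._pending:
            return False                                   # unknown or already-used challenge
        if client.get("origin") != RP_ORIGIN:
            return False                                   # origin binding
        if assertion["auth_data"][:32] != sha256(RP_ID.encode()):
            return False                                   # rpIdHash must match our rp id
        if assertion["auth_data"][32] & 0x01 == 0:
            return False                                   # user presence not proven
        signed = assertion["auth_data"] + sha256(assertion["client_data"])
        expected = hmac.new(self._keys[cred_id], signed, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["sig"]):
            return False
        self._pending.discard(client["challenge"])         # challenges are single use
        return True


def run_scenarios() -> dict[str, bool]:
    """Legitimate login, look-alike phishing page, and replay of a captured assertion."""
    key, server = Authenticator(), Server()
    browser = Browser(key)
    cred_id = server.enroll(key)

    legit = server.verify(cred_id, browser.sign_in(RP_ORIGIN, server.issue_challenge(), cred_id))

    # Constructed look-alike host: the browser binds rp_id to it, so the key has no credential and refuses.
    phish_origin = "https://bank.example.login-verify.test"
    lookalike = server.verify(cred_id, browser.sign_in(phish_origin, server.issue_challenge(), cred_id))

    # Replay: a captured assertion is presented twice; the second use fails on the consumed challenge.
    captured = browser.sign_in(RP_ORIGIN, server.issue_challenge(), cred_id)
    first, second = server.verify(cred_id, captured), server.verify(cred_id, captured)

    return {"legitimate": legit, "lookalike_page": lookalike, "replay": first and not second and second}


if __name__ == "__main__":
    print(run_scenarios())
```

The contrast with one-time-code MFA is the point: a code typed into a look-alike page can be relayed to the real site, whereas here nothing usable is ever produced for the wrong origin, and a captured assertion cannot be reused.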

SMBs should also institute regular system backups to decrease the chances of data loss in the event of an effective attack. Further, they should practice incident response plans with their teams so that team members know what to do to both avoid and react to a ransomware attack.

Today, we are also operating in a reality in which identity is the new perimeter. To fortify it, SMBs need to enforce MFA, exercise least privilege, and implement anomaly detection. Further, where AI is being used to make attacks faster and easier, enterprises should encourage AI awareness training. Employees should know how to spot AI-generated deepfakes, voice clones, and other AI-powered attacks. This raises employee awareness and reduces the likelihood that they fall for a phishing lure.

Risk Management as a Weapon

Insurance trends continue to inform how companies protect themselves and combat attacks. Payouts are shrinking, and premiums continue to drop for firms with strong controls. In addition, the regulatory environment is raising the cost of weak defenses. The Securities and Exchange Commission’s (SEC) cyber incident rule now compels even the smallest listed firms to file an 8-K within four business days of a material incident. In the European Union, data protection authorities issued more than €2.9 billion in GDPR fines during 2024 alone.

By proactively complying with regulatory standards and exercising basic cyber hygiene, SMBs can lower the incentive for attackers — who will have less information to blackmail the organization — and also minimize operational disruptions.

Making Ransomware Less Profitable

SMBs don’t need Fortune 500 budgets, but they must move beyond cybersecurity practices and tools that meet only the bare minimum standards. When SMBs make this shift in mindset, they erode attacker ROI: the attacker’s time, money, and ultimately leverage, shifting the economics of attacks back in the SMB’s favor.
