ESET survey finds SMB cyber confidence rising as AI fears grow

By AI, Created 11:26 AM UTC, June 03, 2026, /AGP/ – ESET’s 2026 SMB Cyber Readiness Index shows more small and midsize businesses feel prepared to handle cyberattacks, but AI-powered malware and shadow AI are emerging as top worries. The global survey of 4,400 decision makers also found that nearly half of SMBs faced an incident in the past year.

Why it matters: - SMBs are becoming more confident in their defenses, but the survey shows that confidence is colliding with new risks tied to AI, supply chains and cyberwarfare. - The findings suggest many smaller businesses are improving basic hygiene, yet still face exposure from threats that are harder to detect and respond to.

What happened: - ESET released its SMB Cyber Readiness Index 2026 on June 3, 2026. - The index is based on a global survey of 4,400 SMB decision makers. - The survey covered organizations with 25 to 1,000 endpoints across 13 countries in North America, Europe and Asia. - The report examined cybersecurity sentiment, AI-driven threats, awareness training and incident response in SMB environments.

The details: - 45% of SMBs experienced a cybersecurity incident in the past 12 months. - 14% of SMBs had more than one incident. - 61% of surveyed SMBs said they are seriously concerned about cyberattacks. - 75% view cyberwarfare and global conflicts as real cyber threats that could affect business operations. - SMBs named AI-powered malware as their biggest concern, even though those threats remain relatively rare right now. - 68% of SMBs are confident in their ability to prevent attacks. - 75% trust their cyber resilience when responding to incidents. - 65% are satisfied with their cybersecurity budgets. - 15% said they are more than satisfied with their cybersecurity budgets. - Only 11% operate with essential, minimal cybersecurity protection. - 87% said employee education is very important or critical to cyber resilience. - 67% conduct cybersecurity training more than once a year. - 6% rely only on basic awareness training. - 2% provide no cybersecurity training at all. - More than one third of SMBs investigated cyber incidents within two weeks. - Insurance and compliance requirements are pushing stronger cybersecurity practices across the SMB segment. - Many SMBs now accept that company size does not protect against cyber threats.

Between the lines: - The survey points to a maturity gap: SMBs feel more prepared, but the most worrying threats are also the least familiar. - AI is playing both sides of the ledger, helping defenders while creating new attack paths through malware and shadow AI. - Supply chain attacks remain an underappreciated risk, which could leave gaps in many SMB defense plans.

What’s next: - SMBs are likely to keep raising spending, training and incident-response readiness as insurance and compliance demands tighten. - The biggest test will be whether businesses can turn growing confidence into faster detection and better defense against AI-enabled attacks. - Read the full report