维京云2026年SMB威胁景观报告：网络安全风险超越经济担忧之年

The Year Cybersecurity RisksSurpass Economic Concerns Executive Summary The cybersecurity battlefield has fundamentally shifted. The Risk Reordering:Cybersecurity Overtakes the Economy Economic forces traditionally determine how SMBs assessrisk. There is no shortage of threats: tariffs, geopoliticaltension, rising unemployment, shifts in consumer demand, This shift reflects a new fundamental reality: cybersecurity risk has become financial risk—capable of triggering customer loss, operational disruption, and revenue impact in a single For many SMBs, even a single cyber incident now exceeds their financial tolerance for survival. Most Likely Outcomes Following a Successful Cyberattack: Lower sales33%Loss of partners or vendors28% of SMBs, a financial impact ofFor40% or less from a cyberattackcould be enough to force themout of business.$100,000 Cyber incidents are no longer rare, isolated eventsfor SMBs; they are increasingly routine operationaldisruptions. In the past 12 months alone, nearlythree-quarters of respondents reported Wi-Fi ornetwork disruptions (73%), while more than half More concerning, these operational issues existalongside a growing prevalence of high impactcyberattacks capable of causing lasting financialand reputational damage. More than a quarter ofSMBs say they’ve experienced a deepfake scheme When Cybersecurity Becomes Personal:The Human Cost of Security Cybersecurity is now the #1 SMB risk, but who’sresponsible for managing it hasn’t changed; it stillfalls on already overextended business owners and SMB Business Owners: 66% frequently work late or onweekends to handle security In fact, 84% of business owners say they self-manage their cybersecurity, and more than half(54%) of SMBs with a dedicated cyber expert— have delayed or missedinvesting in new growthopportunities (like hiring ortech) out of concern that57% Alarmingly, more than a quarter of respondents(28%) admit the person managing theircybersecurity doesn’t have sufficient training, andmore often than not, it’s the respondents themselves.This concentration of responsibility carries a human SMB Cyber Leaders: constantly worry thatone mistake will lead to aruinous breach.56% 53% say their responsibilitieshave made their workloadtoo intense, impacting their 56% of cyber leaders constantly worry that onemistake will lead to a ruinous breach. 53% saytheir responsibilities have made their workload too This strain explains why exposure persists even as concerns rise. Burned-out leaders are more likelyto make reactive, checkbox-driven security decisions focused on keeping systems running andmeeting minimum compliance requirements rather than reducing real business exposure. Over Four Exposure PointsSMBs Can’t Ignore in 2026 The growing pressure on SMBs is driven by fourexposure points where risk is compounding faster than AI Continues to Outpace Human Defenses AI-powered cyberattacks are leading to defenseexhaustion, leadership burnout, and missed risks as Third-Party Risk is Creating a Loss of Control SMBs depend on third-party vendors for critical business operations, including payments, cloudservices, software platforms, and customer engagement tools. With that dependence comes In the past year, 55% of respondents experienced a third-party or vendor outage. Roughly 1in 5 assume their vendors are secure simply because of a contract or trusted brand name, adangerous assumption, since neither guarantees lower cyber risk. But even if others recognize the Third-Party Cybersecurity Controls Remain Limited: Less than a quarter23%have created a joint incident response planwith critical vendors, defining who communicates what if they cause a 19%report using initial due diligence to actively reduce the cyber riskposed by their most critical vendors, such as conducting a security assessment or questionnaire before selecting them. Just19%restrict vendor access to only the minimum data required(least privilege). Only19%require their critical vendors to carry cyber liability insurancecovering potential breaches. A mere17%continuously monitor their vendors’ security posture 24/7. As a result, SMBs are absorbing enterprise-level dependency risk without enterprise-level oversight,leaving them exposed to incidents they did not cause and cannot control. Payment Security Confidence Masks Real Risk03 The attack surface is rapidly evolving for payment security as tokenization, passkeys, andbiometrics replace credit card numbers. SMBs are navigating this change with a mix of confidence 40% of respondents say the removal of the 16-digit primary account number (PAN) from creditand debit cards will significantly or extremely impact the security of their business transactions.In fact, 42% accept a combination of online/e-commerce and in-person credit card payments, Payment Security Is Changing:The following emerging technologies reduce fraud risks, but also introduce Tokenization:Replaces cardnumbers with non- P