According to the Sophos report, which can be found here, the skills shortage in cybersecurity is the second biggest risk facing these companies, surpassed only by zero-day threats. More than 74 per cent of ransomware attacks result in data encryption, which is alarming.

Adding to the challenges, 33 per cent of SMBs have no one monitoring, investigating, or responding to alerts. Furthermore, 96 per cent of these businesses find investigating suspicious security alerts difficult, and 75 per cent struggle to remediate malicious incidents promptly.

Aaron Bugal, Field CTO at Sophos. It highlights the urgent need for enhanced cybersecurity measures and skills within SMBs to combat these escalating threats.

The report shares key findings from 5,000 frontline IT/cybersecurity professionals across 14 countries, highlighting the impact on SMBs, or organisations with fewer than 500 employees.

Sophos's field CTO Aaron Bugal said, “A shortage of in-house cybersecurity skills is one of the most significant cyber risks for businesses today. Coupling this mounting skills gap with a significant burnout crisis among cybersecurity professionals makes small businesses more vulnerable to attacks.”

He added that with 91 per cent of ransomware attacks occurring outside of standard business hours, SMBs must monitor their networks 24/7 to identify malicious activity before an attacker can exfiltrate or encrypt data.