The problem therefore doesn’t appear to be that the threat is unknown, but rather that there is a general lack of everything needed to defend against the threats: ample budgets, knowledgeable personnel, a suitable defence strategy, and IT security infrastructure.
Lacking these elements makes SMBs an easier potential target than larger organisations which usually have better resources. In addition, cybercriminals also like to use SMBs to gain access to the larger organisations that they are trusted to work with.
To make matters worse, it is not only preventing attacks that can be more difficult for SMBs, they may also find it more difficult to handle a successful attack due to their lack of resources: This includes reputation management, dealing with regulators (and the need to know if, when, and how to report an incident), along with how to effectively communicate issues with customers, partners, and suppliers etc.
When you consider these points, it is easy to see how SMBs can have a hard time dealing with the consequences of cyber attacks such as lost customer trust, reputational damage, and financial losses.