Skip to content Skip to footer

Loading Results

The state of SMB cybersecurity at a time of crisis

A report focused on SMB cybersecurity trends in APAC covering business readiness, vulnerabilities and priorities

Conducted in March 2020, during COVID-19 pandemic, this study surveyed more than 1,000 small and medium-sized businesses (SMBs) throughout Asia Pacific, investigates the state of cybersecurity in SMBs in the region, giving immediate first insights into how SMBs are responding during this unprecedented times.

In this study, we reveal how prepared - or unprepared - SMBs are in defending their businesses against cyberattacks, and what SMB’s priorities are when it comes to cybersecurity.

Download our report and explore more.

How can NextGens act as agents of change amid digital disruption?

“Are SMBs keeping up with cybersecurity trends and ready to defend themselves against cyberattacks?”

Felix Kan
Partner, Cybersecurity & Privacy Practice, Risk Assurance
Co-founder of Dark Lab
PwC Hong Kong

Duration: 00:01:55

Key findings

  • 73% of SMBs do not have dedicated cybersecurity team and only 53% of SMBs have antivirus solutions in place.
  • 90% of SMBs said they have been able to detect attacks within one working day; however industry studies indicate average dwell time in APAC is 54 days. This reveals a discrepancy between their confidence in their cybersecurity capabilities and their actual cyber-readiness.​

  • 57% of SMBs sustained cyberattacks during the last 24 months, with 76% of them suffering more than one attack.​
  • 70% of these attacks saw hackers, malware and other actors evading intrusion detection tools, and 65% bypassed antivirus solutions.​
  • Top-three cyberattack on SMBs are caused by viruses and malware (51%), web-based attacks (38%) and phishing attacks (32%), while the most vulnerable endpoints were desk/laptop computers (44%) and web servers (44%).​
  • More than 30% of SMBs suffered damage between US$50,000 and US$250,000, while 9% sustained damage of more than US$1 million.​

  • SMBs start to give growing importance in monitoring suspicious online activity and protecting data, especially on financial and customer data.
  • SMBs regard cybersecurity awareness and education among staff as high priority, and express a preference for tools that involve their employees in detecting threats and fending off attacks.
  • 89% of SMBs agree to have staffs involved immediately in order to raise alerts of suspicious online activity and help prevent further damage.

Download the report to find out more (English and Chinese)

Required fields are marked with an asterisk(*)


Please read our Privacy Statement.

By submitting this form, you confirm you have read our Privacy Statement and explicitly consent to the processing of personal information as set out in the Privacy Statement (including international transfers). PwC may rely on other legal grounds of processing to the extent permitted under applicable law.

Contact us

Kenneth Wong

Kenneth Wong

Mainland China and Hong Kong Digital Trust & Risk - Cybersecurity and Privacy Leader, PwC Hong Kong

Tel: +[852] 2289 2719

Follow us