A third of small and medium-sized businesses have already been the victim of a cyber attack(s), a risk that is widely recognized
Overall, 32% of companies with 250 to 4999 employees have already suffered at least one cyber attack, including 21% in the past year. Companies with over 1,000 employees are more exposed to this type of attack (40% claim to have been victims), as are companies in the primary and secondary sectors (39%, compared with 29% of companies in the tertiary sector).
Cyber risks are widely recognized: 81% say they are prepared to be cyber-attacked, and 77% feel that cyber risk is increasing for their type of business (with 33% and 41% respectively stating this with certainty). Nearly ¾ (73%) of small and medium-sized businesses say that their cybersecurity budget for the coming year will increase compared to last year.
The most feared consequences of a cyber attack are business interruption (36%), followed by data leakage (29%) and counterfeit transfer fraud (23%). In a much smaller minority, the cost of investigating and restoring your IT system, and the payment of ransom are concerns shared by 7% and 5% of companies respectively.
Insurance coverage remains partial, but companies on the whole consider themselves fairly well armed to face the risks
A slight majority of small and medium-sized businesses (51%) have already taken out insurance cover against cyber risks, and 7% say they intend to do so. Although insurance against cyber-attacks is still far from being unanimously adopted by ETIs, the subscription score remains higher than that measured among SMEs surveyed in 2022 as part of a previous Ifop study for Stoïk (33%). This is due in particular to the lower frequency of cyber attacks among SMEs (11% in 2022 versus 32% for SMBs in 2025).
Overall, the option that attracts the most interest among SMBs when it comes to insurance against cyber risks is full compensation in the event of a claim (64% support this proposition). Nearly one in two (49%) are also interested in access to preventive tools, and 43% in the availability of a team of cybersecurity specialists in the event of a crisis. Last but not least, 37% of small and medium-sized businesses would like support in monitoring their cybersecurity projects.
