Key figures
- The number of cyberattacks on Russian business nearly doubled over the year; in the first months of 2025 alone more than 105,000 incidents were recorded (per RED Security SOC).
- In Q1 2026 the Bank of Russia noted a nearly twofold rise in malware attacks on legal entities.
- Kaspersky reports a roughly 35% increase in attacks on small and mid-sized business.
- Total damage to business from cyberattacks runs into hundreds of billions of rubles; per Solar 4RAYS and BI.ZONE estimates, around 1.5 trillion rubles over eight months of 2025.
- A significant share of successful attacks leads to operations stopping.
Why SMBs are a convenient target
Small and mid-sized businesses usually have weaker protection and less buffer: a single ransomware strain can halt revenue for days and weeks. Yet many owners think "we are too small to be attacked" — while attacks today are often mass-scale and automated, with no regard for size.
Practical takeaways
- Count not the probability of "will they hit us or not" but readiness: what stops first and how fast we recover.
- Protection is several times cheaper than recovery — investing in advance pays off.
- The basic minimum: isolated backups, a first-hours plan, a trained team.
More in "An IT team does not protect the business" and "What to do in the first hours after a cyberattack". You can assess your readiness with the free 5-minute diagnostic.
See how resilient your business really is
13 questions, 5 minutes, free — results on screen and by email.
FAQ
Is it true that small business is attacked less often?
No. Many attacks are mass-scale and automated, with no selection by size. SMBs meanwhile have weaker protection and less buffer, so the consequences are often more severe.
Where do the cyberattack figures come from?
From reports by specialist firms and the regulator: RED Security SOC, Solar 4RAYS, BI.ZONE, Positive Technologies, Kaspersky, the Bank of Russia. Specific values vary report to report, but the trend is steadily rising.
