Although 2017 showed phishing attacks third on the list of dangerous threats to security, a recent global report shows some employers shifting to attacks as their primary security focus. The Webroot SMB Cybersecurity Preparedness report shows 48% of SMB’s (small-to-mid-sized businesses) believe phishing is the top threat to their cyber-resilience, while 45% feel they’re vulnerable to DNS (domain name system) attacks. Ransomware moved into the fifth place concern, compared to third place from 2017 to 2018.

It’s no surprise that cyber-resilience is a multi-layered concern for SMB business owners – and for good reason. A report by the National Cyber Security Alliance discovered over 70% of cyberattacks target small businesses. Worse, almost 60% of SMB’s go out of business within six months of an attack. That’s a very real threat for SMB owners, who according to the Webroot report, are now focusing on phishing attacks as the greatest perceived threat to their future.

Webroot’s report surveyed SMB owners in the U.S., UK and Australia on several cybersecurity issues. The most promising result was overall all three countries claim that nearly 100% of employees are educated about security threats. However, that number starts to unravel in several ways. In total, 39% of SMB’s provide continuing employee cyber education, with the U.S. topping the chart at 54% providing ongoing education.

Of all three countries surveyed, the U.S. ranks phishing as 58% of their worries, with the UK claiming the lowest concern at 42%. DNS attacks rate second (48%) after phishing, with ransomware coming in third (42%). All three attacks pose serious threats when employees are involved. It’s clear that perceived threats to SMB’s change over time and will no doubt swap places again in the future. Revolving threats may alter SMB’s priorities, but no matter what order they take, all cyber threats are serious liabilities. It’s clear that cyber-resilience for any size company requires a concerted effort by employers. Continuing employee education and bolstering data systems are prerequisites for cyber safety, particularly for the most vulnerable SMB’s.

Awareness is key to avoiding phishing. There are many ways to ensure that everyone in your organization is not only aware of the threats, but how to avoid them is no longer an option; but is a necessity. And the bonus is that doing this can help alleviate some of that worry about phishing.