New research: Global Cost of Ransomware Study. See what breaches are costing you.
Get the report
Blog
/
Zero Trust Segmentation

SMBs Can’t Afford to Put Off a Zero Trust Strategy

Charlie Bedell
Content Marketing Manager
March 7, 2025
23 min. read

When you think of a cyberattack, you might imagine large enterprises in the news. But the truth is, small and midsized businesses (SMBs) are targeted more often.

Last year, SMBs were hit by 75% of all cyberattacks, with ransomware being the most common culprit. These attacks caused the average cost of a data breach for small businesses to reach $2.64 million — a loss that could be devastating for many companies.

Attackers see SMBs as easy targets. Unlike big companies, many SMBs don’t have the money or tools to build strong security systems. This makes them a tempting choice for attackers who want a quick and easy win.

For big companies, a cyberattack is a big deal. But for SMBs, it can be much worse — many are forced to close their doors for good.

Why are SMBs easy targets for bad actors?

Hackers often go after SMBs because they usually have weaker defenses than big companies.  

Many SMBs don’t have big IT teams or the latest technology. Some still use old systems that don’t get security updates. Others might not have basic security tools like two-factor authentication. Busy teams may not have time to learn about new threats, making their businesses an easy target.

Also, they know that small enterprises are less likely to have advanced tools to spot and stop attacks quickly. This gives attackers more time to dig into systems and cause more damage.

Oftentimes, targeting SMBs means a lot of reward for less effort.

On top of that, many SMBs don't think they're a target, leading to a false sense of security. They might believe that only big corporations attract hackers, but in reality, smaller businesses are often easier to breach and can still provide valuable data.

Common threats facing SMBs

While ransomware gets a lot of attention, it's not the only threat SMBs face.  

Orange boxes and alerts for a cybersecurity graphic

Disruption attacks, like denial-of-service (DoS) attacks, can shut down systems and halt business operations.  

Supply chain attacks are also dangerous. These happen when a hacker breaches a vendor or partner to gain access to your business. Even if your own defenses are solid, a weak link in your supply chain can lead to trouble.

Many SMBs also struggle with outdated technology and security strategies. Traditional tools like firewalls and basic antivirus software are not enough.

Modern threats need modern defenses, and that’s where a Zero Trust strategy comes into play.

What is Zero Trust, and why does it matter for SMBs?

The Zero Trust model, pioneered by John Kindervag in the early 2010s, challenges the traditional network security approach of assuming everything inside a network is safe. Instead, Zero Trust eliminates implicit trust altogether.  

Zero Trust assumes every user, device, and application could be a potential threat, enforcing strict, granular security controls to limit access to only what is necessary.

For SMBs, this approach to security can be revolutionary. Instead of trying to defend a vast network with limited resources, Zero Trust allows small enterprises to focus on protecting critical assets.  

Zero Trust helps SMBs proactively prepare for breaches, build resilience, and meet compliance requirements more easily — all without needing to break the bank.

But it's not something you set up once and forget. It's an ongoing process.  

The good news is that even SMBs can start small. By focusing on high-priority areas first, you can build momentum and see results quickly.

Experts also recommend setting clear goals. For example, start by applying Zero Trust principles to critical assets, like customer data or financial systems. Once those areas are secure, expand to other parts of the network.  

This phased approach makes the journey manageable and allows for quick wins along the way.

Microsegmentation is foundational to SMB cybersecurity

Microsegmentation is a key part of Zero Trust. It divides your network into small, secure zones.  

If bad actors break in, they can’t move freely across your network if it’s segmented. Instead of a wildfire, the breach is more like a small, contained fire.

A diagram of networks with and without microsegmentation

Here’s why microsegmentation is great for SMBs:

  • Stop ransomware spread: Microsegmentation keeps ransomware from spreading. It locks down the area where the attack started, preventing bigger problems.
  • Help with compliance: Many security rules, like NIST and CIS, recommend microsegmentation. It helps protect sensitive data and makes it easier to follow the rules.
  • Make life easier for small IT teams: Automated tools can handle a lot of the security work. This gives IT teams more time to focus on other tasks.
  • Lower recovery costs: When an attack is contained, it means less downtime and fewer costs to fix the problem.
  • Improve visibility: Microsegmentation allows SMBs to see how data moves across their network, making it easier to spot unusual activity before it becomes a problem.

Illumio Zero Trust Segmentation (ZTS) helps you easily get granular visibility and build microsegmentation. Learn more about Illumio ZTS:

Build breach containment, not just prevention

The reality is that cyber incidents are inevitable. But they don’t have to be catastrophic.  

By adopting a Zero Trust strategy grounded in microsegmentation, SMBs can contain breaches and build resilience against modern cyber threats.  

Download the full Cybersecurity Survival Guide for SMBs to get more actionable insights on how to prepare your organization’s security for whatever comes next.  

Related topics

SMB

Related articles

The 5 Best Zero Trust Tips from Infosys CISO Vishal Salvi
Zero Trust Segmentation

The 5 Best Zero Trust Tips from Infosys CISO Vishal Salvi

Vishal Salvi, who is responsible for information security at Infosys, discusses the evolution of the CISO over the past 25 years and Zero Trust tips.

Read more
5 Must-Know Insights from Zero Trust Pioneer Chase Cunningham
Zero Trust Segmentation

5 Must-Know Insights from Zero Trust Pioneer Chase Cunningham

Chase Cunningham, also known as Dr. Zero Trust, shares his thoughts in this Zero Trust Leadership Podcast episode.

Read more
Join Illumio the Gartner 2025 APAC Security & Risk Management Summit in Sydney
Zero Trust Segmentation

Join Illumio the Gartner 2025 APAC Security & Risk Management Summit in Sydney

Explore Illumio at the Gartner Data & Analytics Summit 2025 in Sydney on March 3–4 at booth 318.

Read more
Ransomware: How Small and Midsize Organizations Can Stop Its Spread
Ransomware Containment

Ransomware: How Small and Midsize Organizations Can Stop Its Spread

Read more
10 Reasons Why Small and Midsize Businesses Need Zero Trust Segmentation
Zero Trust Segmentation

10 Reasons Why Small and Midsize Businesses Need Zero Trust Segmentation

Learn why small and midsize businesses (SMBs) are a top target for bad actors and how they can contain attacks with Zero Trust Segmentation.

Read more
ESG Research: How Small and Midsize Enterprises Can Fix Breach Unpreparedness
Cyber Resilience

ESG Research: How Small and Midsize Enterprises Can Fix Breach Unpreparedness

Get insight from analyst firm ESG research findings on where small and midsize businesses stand on Zero Trust and segmentation progress.

Read more

Assume Breach.
Minimize Impact.
Increase Resilience.

Ready to learn more about Zero Trust Segmentation?

Learn more