Regarding cyber threats, ransomware still takes the top spot as the most significant risk facing small and medium businesses in 2020.

According to a new study by Datto, more than 60 percent of SMB clients experienced a ransomware attack in the first three quarters of the year. On top of that, nearly all (95 percent) of MSPs said they believe their businesses are at risk of attack, a fact that could put their clients further at risk.

It’s not a surprise to see SMBs report a drastic increase in ransomware attacks. Ransomware attacks in 2020 have ravaged businesses in every industry, with thousands of incidents worldwide. Perhaps the most highly affected industry this year has been healthcare, which saw a drastic increase of attacks (59 percent of MSPs said they believe it is the most vulnerable sector) and prompted a warning from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in October.

The outcome of these cybersecurity events for every industry is also more significant than ever. Datto reported that the downtime cost to a business increased from $46,800 to $274,200 over the past two years — a six times increase since 2018. These costs are in addition to any other less tangible costs that come with a cyberattack, like reputational impact or loss of client trust.

This increasing risk comes in the face of more spending than ever by SMBs to prevent precisely this type of attack. Half of SMBs increased their IT security budgets this year, according to the study.

So, what is causing the increase in risk, as well as successful attacks? Datto attributes the rise to several causes, including phishing, poor user practices, and lack of end-user security training. These are all areas that have proven to be challenges for businesses of all sizes and types for many years, but ones that continue to persist. On top of that, the study found that many attacks targeted cloud applications and Windows endpoint systems applications, both commonly used by SMBs.

The past year put many of these factors front and center for small and medium businesses everywhere, as many were forced to transition to remote work that leverages cloud applications, remote devices, and email communications. On top of that, remote work increasingly relies on employees to make the correct cybersecurity choices, which may be difficult without the proper training.

“The COVID-19 pandemic has accelerated the need for stronger security measures as remote working and cloud applications increase in prevalence,” said Ryan Weeks, chief information security officer at Datto, about the findings.

What can a small or medium business do to combat this rising trend? Engaging with an MSP to provide ongoing security services is one place to start. An overall increase in cybersecurity spending to target those weak areas is attributed to the rising risk. Tools like business continuity and disaster recovery can also limit the impact of significant downtime, according to 91 percent of MSPs.

It is almost inevitable that cybersecurity attacks, including ransomware, will only continue to rise throughout the remainder of 2020 and in the years to come. Every SMB (and the MSP that supports them) should look this threat in the face and make the most strategic investments they can to limit the risk facing their business.