---
id: "claim-smb-budget-insufficiency"
type: "claim"
source_timestamps: ["¶6"]
tags: ["budgeting", "statistics"]
related: ["concept-smb-cyber-risk-asymmetry", "entity-crowdstrike"]
confidence: "high"
testable: true
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-sig-57-smb-cyber-risk"
sourceUrl: "https://hbr.org/2026/06/ai-is-changing-cyber-risk-heres-how-smbs-can-respond"
sourceTitle: "AI Is Changing Cyber Risk. Here’s How SMBs Can Respond."
---
# Only 7% of SMBs have sufficient cybersecurity budgets

**Claim:** Per a [[entity-crowdstrike|CrowdStrike]] survey cited in the source, only **7%** of SMBs report their cybersecurity budget is "definitely sufficient," while **67%** prioritize cost above all else when selecting security tools (and ~70% rely heavily on internal IT staff). This underpins [[concept-smb-cyber-risk-asymmetry]].

**Source confidence:** high. **Testable:** yes.

> [!check] Enrichment validation — DIRECTIONALLY SUPPORTED, FIGURES SURVEY-SPECIFIC
> The directional claim (SMBs are underfunded, cost dominates tool selection, very few feel fully resourced) is strongly supported across SMB security surveys, which routinely show single-digit to low-double-digit proportions feeling "fully resourced" and heavy cost sensitivity. However, the exact 7% / 67% figures do not appear verbatim in the public 2026 CrowdStrike Global Threat Report; treat them as drawn from a particular SMB survey rather than universal constants.


## Related across articles
- [[claim-cybercrime-losses-increasing]]
