---
id: "entity-microsoft-d7"
type: "entity"
entityType: "organization"
canonicalName: "Microsoft"
aliases: []
source_timestamps: ["¶5", "¶6"]
tags: ["enterprise", "research"]
related: ["claim-smb-breach-cost", "concept-smb-cyber-risk-asymmetry"]
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-sig-57-smb-cyber-risk"
sourceUrl: "https://hbr.org/2026/06/ai-is-changing-cyber-risk-heres-how-smbs-can-respond"
sourceTitle: "AI Is Changing Cyber Risk. Here’s How SMBs Can Respond."
---
# Microsoft

**Role in the source:** the enterprise benchmark that makes [[concept-smb-cyber-risk-asymmetry]] vivid. The article cites Microsoft as spending **over $1 billion annually** on security, data protection, and risk management, and cites Microsoft research for the **$250,000+** average SMB breach cost ([[claim-smb-breach-cost]]).

**Profile:** a major technology firm providing operating systems, cloud infrastructure (Azure), productivity tools, and extensive cybersecurity research and services. Its public communications frequently emphasize multi-billion-dollar annual security investment and publish studies on SMB cyber risk.

> [!note] Enrichment note
> Microsoft-sponsored SMB studies do report breach costs in this general range, but the exact "$250,000" figure is best treated as a representative, synthesized statistic rather than a single canonical Microsoft benchmark.
