Over the past few years, we have seen an explosion of cybersecurity attacks targeting businesses of all sizes — from the largest enterprise to the smallest SMB. However, despite all these attacks splashing across headlines, new research shows that a third of employees still don’t understand the importance of cybersecurity.

According to a study by Tessian of more than 2,000 employees, a third of employees don’t understand the importance of cybersecurity. Moreover, 20 percent say that they don’t care about cybersecurity at work, and 10 percent say they don’t even make it a priority at home. Yet, when you ask IT or cybersecurity leaders, 99 percent of those surveyed said that a strong security culture was vital to mitigating risk.

When asked how they view supporting cybersecurity efforts within the business environment, the results prove to be equally concerning in mitigating risk. Only 39 percent of respondents to the survey said they were likely to report a security incident — meaning that business leaders might not know if an incident is in progress. The reason (according to 42 percent of those surveyed) is that they might not know if an incident has started or (according to 25 percent) they don’t care enough to alert security leaders.

For an SMB, these statistics are extremely concerning. A cybersecurity attack can cause significant damage to an SMB’s ability to support its customers, resulting in a major loss of data or causing a significant impact on its reputation. In a worst-case scenario, it can even cause the SMB to go out of business entirely — an outcome no business owner wants to see.

One way SMB security leaders combat this is through cybersecurity awareness training. By holding classes or training exercises, SMBs can help educate employees on the importance of solid cybersecurity best practices and how to ensure they are playing their part in mitigating risk. In fact, 48 percent of security leaders said training is one of the most important things they can do to improve their cybersecurity posture. However, security leaders also have to focus on making this training interesting and engaging so that employees pay attention (only 28 percent said their organization offers engaging training and 50 percent said they had a negative experience).

It has never been more important for SMBs to pay attention to these statistics — and then reflect on how they are panning out inside their own organizations. Damages from cybersecurity attacks worldwide are expected to reach $10.5 trillion by 2025, and according to the Tessian report, three-quarters of organizations surveyed had experienced some sort of attack in the last 12 months. SMBs should consider if cybersecurity awareness training could benefit their organization and implement it if they have not already, as well as implement a complete cybersecurity technology strategy to mitigate any remaining risk. As a result, they can hopefully beat the odds and mitigate the risk of a cyberattack hitting their organization and affecting their ability to serve their customers.