To begin with, given their limiting budgets, SMBs tend to make smaller investments for network security and may fall behind on online security improvement.
However, you would be well-advised to know that SMBs make up around half the targets of all cyber crimes for this very same reason. Hackers are aware that your security may be lax, and targeting SMBs carries a lot less risk and exposure compared to attacking large, multinational corporations or government organizations.
And most importantly, in the unfortunate case of a successful attack, SMBs suffer the greatest. Statistics have shown that more than half of SMBs find it impossible to recover from such an event: