A Word from Our CEO
Small to medium-sized businesses (SMBs) are creating the innovation and technology that fuel America’s Defense Industrial Base (DIB) and the nation’s critical infrastructure (CI). Yet because of that, they’re prime targets for attacks from nation-state actors, ransomware gangs, and other cyber criminals on the hunt for sensitive data and looking to disrupt operations. The majority of SMBs are unprepared to deal with a motivated cyberthreat.
What these businesses need isn’t just basic IT security controls, but a defense-in-depth strategy to reduce their cybersecurity incident risk. But how many are actually taking this approach?
This is the question we asked in last year’s “DIB Cybersecurity Maturity Report 2024” and what we’re asking in this year’s report. This year’s respondents provided insights into their current state of cybersecurity, their biggest security challenges, their experience working with outsourced service providers, and where they currently stand on their CMMC compliance.
We hope these findings, along with how they’ve changed from last year, help you benchmark your current security efforts and guide you towards strengthening your security posture in 2025.



Key Findings
77% say enhancing cybersecurity is a high priority.
66% have three or more people dedicating time to security, and 80% rate their security skill level as very high or high.
47% had four or more user accounts or emails compromised in the past year.
24% had more than ten user accounts or emails compromised, and 47% had four or more of their endpoints compromised in the past year.
54% say it would take two days or longer to respond to ransomware or a breach.
Also, 38% would take a week or more to detect a threat in their environment. 44% would not be surprised to experience an operational disruption or data theft.
57% report low to medium effectiveness in threat hunting.
Additionally, 56% report low to medium effectiveness in threat investigation and 55% report low to medium effectiveness in threat monitoring.
37% say cybersecurity-related incidents have cost their company $100,001.
Of those, 4% report that cost to be more than $500,001.
The biggest security challenge is protecting sensitive data from breaches and leaks.
They’re also challenged with implementing and maintaining compliance with regulations and keeping up with evolving cyber threat landscapes.
The biggest challenge with outsourced providers is the inconsistent quality of service.
Other challenges include being too expensive given the overall value delivered and limited support for compliance management.
The top capability they’re looking for in a new service provider is using the latest technologies to offer robust protection against evolving threats.
They’re also looking for providers with quality staff and swift, coordinated responses to security incidents.
While 71% have started CMMC, only 17% state they are Level 2 ready.
21% are compliant with Level 1, and 17% are compliant with Level 2.