‍

According to a recent study, defense contractors and their organizations have cited cybersecurity as their top priority. Between mounting threats, a rapidly evolving regulatory framework, and a newly finalized CMMC requirement, it would be surprising if cyber wasn’t front and center of every discussion.

Highlights from ConnectWise and Vanson Bourne’s State of SMB Cybersecurity in 2025 reveal that 57% of SMBs surveyed say that cybersecurity is their top priority. 58% report increased spending over the past year, yet only 51% have adequately implemented the policies and processes required to sustain it. The study included insights from 700 global businesses, with representation from North America, the United Kingdom, Australia and New Zealand, and the Benelux countries.

Though the companies in the study aren’t all in the defense realm, their concerns echo those of contractors in the DIB. Bottom line? If cybersecurity isn’t one of your business’s core concerns, the company and its continuity are at risk.

For organizations in the DIB, the landscape is nothing new. For any government contractor, cybersecurity goes beyond simply protecting data, IP, and infrastructure. With 48 CFR in play, it is required to support ongoing revenue, and, indeed, is a matter of national security.

SMBs Are Not Confident in Their MSSPs

One of the most concerning statistics in the study is that 73% of the companies surveyed are not confident that their MSSP can protect them in the event of a cyberattack. As organizations must rely on specialists to champion this cause, that’s a shocking revelation, pointing to a gap in vetting before choosing a security provider and potentially leaving the company and its systems exposed.

Defense contractors understand the value of partnering with qualified service providers that have demonstrated a capacity for compliance and reliability. The cost and repercussions of such a failure could range from lost contracts at the low end to lost lives, a compromised mission, and a serious threat to our national security at the high end.

As a trusted partner serving the Defense Industrial Base, Essendis is qualified to deliver highly compliant managed security services, providing customers with a team of experts who understand their business and are fully committed to their success.

Security Maturity and Readiness in the Next Generation of AI

Threat actors are using advanced tactics, such as AI, to multiply their impact. For contractors handling CUI, closing this gap is of utmost concern. Failing to protect CUI in the AI-powered threat environment adequately puts everything at stake. Policy and governance must be front and center to mitigate vulnerabilities before they become security issues.

The ConnectWise Study reveals that only 51% of SMBs surveyed have established policies to protect their systems from AI risks. Almost half of these businesses lack clear guidance on how to respond to a sophisticated attack.

Build Your Security Resources Now

For any DIB contractor, the study we’ve outlined today underscores the value of ongoing cybersecurity investment.

Defense contractors face an uphill battle as CMMC enforcement looms and imminent updates are expected (source). In best practice, your investment should align with your risk level. Getting ahead of the curve will provide significant advantages and may position your organization as a preferred supplier when contracts are being awarded.

We recommend downloading this study to use as a talking point when seeking buy-in from leadership for cybersecurity funding. CMMC compliance requires considerable time, preparation, and accurate budgeting. The sooner your organization can jump on it, the closer you will be to compliance at your required level.

Speak to our experts today about your CMMC readiness assessment.