SME Tips · 04 May 2026 · 6 min read

Ransomware 2026


    In 2025, a Belgian SME was hit by a ransomware attack every 11 minutes on average. The average cost of an attack for an SME: between €50,000 and €200,000 — ransom, data recovery, business interruption, GDPR fines. Here is how to protect yourself effectively without an enterprise budget.


    I am not going to scare you for nothing. But I will be honest: the question is no longer "will my SME be attacked?" but "when, and will we be ready?"


    The good news: the most effective measures do not cost a fortune. Here is what we deploy for our IT management clients to protect them.

    The numbers that make you think

    • 71% of ransomware attacks target SMEs with fewer than 100 employees

    • 21 days: average duration of business interruption after a ransomware attack

    • 60% of attacked SMEs close within the following 6 months


    How a ransomware attack actually unfolds

    1. Entry point — phishing email or unpatched VPN

    In 85% of cases, the attack starts with an email. An employee clicks a link, opens an attachment, or enters credentials on a fake site. Sometimes it is an internet-exposed service with a known vulnerability: an outdated VPN appliance, or RDP exposed directly to the internet.

    2. Lateral movement — the attacker explores your network

    Once inside, the attacker spends several days mapping your network, identifying your backups, and escalating privileges. This phase lasts on average 15 days before the ransomware is triggered.

    3. Encryption — everything locks down in a few hours

    The ransomware spreads to every system the compromised account can reach, encrypts your files, deletes the local backups and shadow copies it can access, and displays the ransom demand. Without an offline copy of your backups, you are stuck.


    The real cost of an attack for a Belgian SME


    💸 Estimate for a 10-person SME

    Business interruption (21 days × daily cost): 15.000 – 40.000 €
    IT recovery and rebuilding: 5.000 – 20.000 €
    Ransom (if paid — not recommended): 10.000 – 50.000 €
    GDPR fine (data breach): 0 – 20.000 €
    Customer and reputation loss: incalculable
    Estimated total: 30.000 – 130.000 €


    The 6 measures that change everything — without enterprise budget


    • 3-2-1 backups with an offline copy — three copies of your data, on two different media, one of them off-site and offline. It is the only real insurance against ransomware. "Offline" means the copy cannot be reached with the credentials of the systems being backed up: a rotated external disk kept disconnected, or cloud storage with immutability (object lock) enabled. A backup drive that is permanently mounted on the file server is just one more share for the ransomware to encrypt.

    • MFA on all accounts — Microsoft 365, VPN, remote access. MFA blocks 99.9% of credential stuffing attacks. Prefer an authenticator app with number matching, or a FIDO2 security key, over SMS: push-only prompts can still be defeated by prompt-bombing, and codes typed into a fake login page are simply relayed to the real one.

    • Automatic updates enabled — 60% of attacks exploit vulnerabilities with a patch available for more than 30 days.

    • Firewall with DNS filtering — a pfSense firewall with the pfBlockerNG package, or a Pi-hole DNS sinkhole, fed with lists of known malicious domains. It cuts a large share of phishing links and malware callback traffic before it leaves your network, which is exactly where phase 1 and phase 2 of an attack depend on outbound connections.

    • Anti-phishing training — a 2-hour session per year reduces phishing click-through rates by 70% in studies. It is the most profitable investment.

    • Network segmentation via VLAN — if a workstation is compromised, the ransomware can only reach what the firewall rules between VLANs allow. Keep servers, backups, printers and workstations in separate VLANs, and only open the ports each one actually needs; a VLAN with an "allow any" rule between segments provides no isolation at all.

    ⚠️ Do not pay the ransom. In 40% of cases, data is not recovered even after payment. Payment funds the next attacks. And in Belgium, paying a ransom to a sanctioned group may constitute an offense. Invest that money in prevention.


    What NexK IT deploys for our IT management clients


    For our Premium plan clients, we systematically include: Zabbix monitoring with anomaly alerts, automatic backups with off-network replication, managed updates, and pfSense firewall with DNS filtering. For Basic clients, we recommend at minimum 3-2-1 backups and MFA.


    An anti-phishing training session for your team? We do that too — €350, 2 hours, and your employees leave with the reflexes that prevent 80% of incidents.


    🛡️ Is your SME really protected?


    NexK IT performs a full cybersecurity diagnostic for your SME — gaps identified, concrete action plan, no jargon.


    Run the cyber diagnostic →

    🔍 Need a free IT audit?

    Our experts analyse your infrastructure and propose concrete recommendations — no commitment, within 24 hours.

    Request our free audit
    Gérald Aristide Konan
    Founder of NexK IT · Linux Infrastructure & VoIP Expert