Montero emphasizes that small businesses are not only the most frequent targets of cyberattacks, but they also lack sufficient government protection or recourse. If a business falls victim to financial fraud under $50,000–$100,000, the FBI often won’t investigate, simply because there are too many such cases and not enough resources.

This creates a major gap: the government and cybersecurity ecosystem aren’t built to support small businesses, even though the economic impact is massive. The trends from 2021 are expected to grow exponentially, yet federal investment in cybersecurity is unlikely to trickle down in any meaningful way to small organizations.

The speaker stresses the importance of collective action, comparing it to locking your doors at night. If small businesses don’t start raising their baseline security, attackers will continue exploiting them because it's easy and profitable.

In response to a question about state-level efforts, the speaker notes that some states are beginning to take action, citing New York’s JSOC (Joint Security Operations Center) as an example. JSOC shares data across organizations to detect threats—but it’s underfunded and limited to government-related sectors (state, local, tribal, and education). Small businesses are still left unprotected, and broader protection is likely still years away.

The overall tone is a warning: small businesses are in a dire cybersecurity situation, and systemic support is lagging far behind the threat.