It Takes SMEs an Average of 106 Days to Respond to Cyber Incidents
Ransomware Is the Most Common Type of Cyber Incident
53% of Cyberattacks Occur at Night and During Late Hours
It has been found that small and medium-sized enterprises (SMEs) take an average of more than 100 days from experiencing a cyber incident to launching an investigation. Many of the cases involve ransomware infections caused by attacks on application vulnerabilities.
Infographic analyzing domestic corporate cyber intrusion incidents from 2021 to 2025. SK Shields
View original imageBased on the analysis of incident data accumulated over the past five years, SK Shieldus examined the cybersecurity status and key threat trends for SMEs. The results showed that it took SMEs an average of 106.1 days from initial infiltration to recognizing the breach and beginning an investigation. The maximum time taken was as long as 700 days, and 32.6% of the cases took more than 90 days.
The main types of cyber incidents were ransomware, data breaches, and cryptocurrency mining, in that order. In particular, ransomware (44.9%) and data breaches (42.9%) accounted for the majority of incidents. The burden on SMEs, which have limited security personnel and infrastructure, has also increased significantly. According to the Korea Internet & Security Agency (KISA), about 89.4% of ransomware incident reports last year came from SMEs.
Hacking attacks mainly targeted system vulnerabilities and limited security environments. Initial infiltrations most commonly exploited application vulnerabilities (20.8%), followed by file upload vulnerabilities (18.9%) and VPN vulnerabilities (15.4%). Other major attack vectors included malicious emails, watering hole attacks, and externally exposed URLs.
In major incident cases last year, internal data leaks through malicious emails and watering hole attacks, ransomware infections via brute force attacks, and cryptocurrency mining based on supply chain attacks were most prominent.
More than half (53.2%) of cyber incidents occurred during nighttime and late-night hours (18:00–05:00). However, hacking attempts also occurred continuously during the day, indicating the need for around-the-clock monitoring and stronger response systems.
By industry, manufacturing suffered the most incidents (47.4%), followed by information services (15.8%) and finance (10.5%). Incidents were also reported in a wide range of other sectors such as services and distribution, showing that security threats are spreading across all industries rather than being limited to specific fields.
In manufacturing, production equipment and operational systems are closely linked, so security incidents can easily lead to production line shutdowns or delivery disruptions. In such cases, the damage can extend beyond delayed deliveries and lost sales to affect partners and the entire supply chain, making ongoing security monitoring and rapid response essential.
SK Shieldus supports the establishment of corporate security response systems through its MDR (Managed Detection & Response) service, which provides 24-hour cyber threat detection·analysis·and response. The MDR service is also available as a monthly subscription, allowing companies to secure professional response capabilities at all times through a monthly fee. SK Shieldus also offers ASM (Attack Surface Management) services, enabling companies to identify and manage the vulnerabilities and risks of their assets from an attacker's perspective in advance. This service supports identification of externally exposed assets, vulnerability checks, and setting and improving response priorities.
Hot Picks Today
!["Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①](https://cwcontent.asiae.co.kr/asiaresize/93/2026051914165468840_1779167814.png)
"Rather Than Endure a 1.5 Million KRW Stipend, I'd Rather Earn 500 Million in the U.S." Top Talent from SNU and KAIST Are Leaving [Scientists Are Disappearing] ①
- "Not Jealous of Winning the Lottery"... Entire Village Stunned as 200 Million Won Jackpot of Wild Ginseng Cluster Discovered at Jirisan
- "I'll Stop by Starbucks Tomorrow": People Power Chungbuk Committee and Geoje Mayoral Candidate Face Criticism for Alleged 5·18 Demeaning Remarks
- "I Will Give Them a Chance for Self-Examination": Chinese Scientific Community Shaken by Influencer's Preemptive Whistleblowing
- "How Did an Employee Who Loved Samsung End Up Like This?"... Past Video of Samsung Electronics Union Chairman Resurfaces
A representative from SK Shieldus stated, "With the recent spread of AI technology, cyberattacks are becoming increasingly sophisticated and advanced, making it difficult to respond to every threat with limited personnel and resources. SK Shieldus will continue to expand support so that SMEs can operate professional security response systems while reducing their burden."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
