New Research Reveals Common Cybersecurity Vulnerabilities at Small and Mid-Size Firms
Florida IT Firm Reviews 24+ Security Assessments and Finds the Same Five Gaps Appearing in Law Firms, Insurance Agencies, and Media Companies
ORLANDO, FL, UNITED STATES, March 9, 2026 /EINPresswire.com/ -- Most small businesses assume their cloud provider handles security. It doesn't. And for the businesses that find out the hard way, the damage is rarely just financial.
JubilantWeb, an IT infrastructure and security firm founded in Orlando in 2007, today released findings from more than 24 security assessments conducted across professional service businesses in Florida and New York between 2024 and 2026. The same five vulnerabilities showed up in firm after firm.
THE FIVE GAPS THAT KEEP APPEARING
NO INCIDENT RESPONSE PLAN — 79% of businesses assessed had no written plan for what to do if they get hacked. Without one, the first hours of an attack are chaos — wrong people get called, wrong decisions get made, and downtime doubles.
MFA NOT FULLY DEPLOYED — 68% had multi-factor authentication turned on for some systems but not all. Remote access points and cloud apps left without MFA are the most common entry point for credential attacks.
NO OFFSITE BACKUPS — 61% were backing up data locally only. When ransomware hits a network, it encrypts every connected drive — including local backups. Without an offsite or immutable cloud backup, there is nothing to restore from.
EMAIL DOMAIN NOT AUTHENTICATED — 57% had incomplete or missing DMARC, DKIM, and SPF records. Without these, anyone can send email that appears to come directly from your domain — targeting your clients, vendors, and staff.
OUTDATED ENDPOINT PROTECTION — 52% were relying on basic antivirus that does not catch fileless malware or zero-day exploits, now the most common attack methods used against small businesses.
WHAT THIS LOOKS LIKE IN PRACTICE
In one recent assessment of a mid-sized media company operating on Azure with a distributed workforce, JubilantWeb identified three of the five gaps within 11 minutes — including an unmonitored remote access point that had been active, and exposed, for over a year. The company had no idea it existed.
"The businesses we assessed are not careless — they're busy," said Nelson Penagos, Founder of JubilantWeb. "Most are running on Azure or Microsoft 365 and assume the cloud handles security. It handles the platform. The gaps we find are on the business side, and most of them can be fixed in days, not months."
This pattern is most common in law firms, insurance agencies, and media companies — where confidential client data is high-volume and there is rarely a dedicated IT person watching for problems.
"A 20-attorney law firm is managing discovery documents, settlement records, and client financials on shared drives with no one monitoring access. The fix is often simpler than people expect — but only if you know where to look."
ABOUT THE METHODOLOGY
Findings are drawn from JubilantWeb's Security Baseline Analyzer, available at jubilantweb.com/security-check. The tool evaluates businesses across five control areas mapped to NIST SP 800-171 and CIS Controls v8. Businesses assessed ranged from 10 to 250 employees across Florida, New York, New Jersey, and Colombia between Q1 2024 and Q1 2026.
ABOUT JUBILANTWEB
JubilantWeb has been helping B2B businesses manage IT infrastructure, cloud security, and digital marketing since 2007. Founded by Nelson Penagos and based in Orlando, Florida, the firm works with businesses across Florida, New York, and internationally. Businesses can request a complimentary Security Baseline Assessment at jubilantweb.com/security-check.
Lori Thompson
JubilantWeb.com
