115,000 dollars. That is the median ransom paid by victim businesses in Verizon’s 2025 Data Breach Investigations Report, an analysis of more than 22,000 security incidents including 12,195 confirmed breaches, and the report is blunt about who carries that weight: ransomware disproportionately hits small and medium-sized businesses, not the Fortune 500 (verizon.com). For a ten-person company, that figure is not a budget line. It is the difference between absorbing a bad month and closing.
This playbook covers three things: what the threat actually looks like for a small team, what AI security tools genuinely do about it, and what the real options cost, with prices taken from the vendors’ own pages rather than a sales deck.
The threat picture, in two numbers
The first number is the 115,000 dollar median above. The second explains how attackers get in: stolen credentials and unpatched software vulnerabilities together account for roughly 42 percent of initial access in the breaches Verizon analyzed (verizon.com).
Notice what is missing from that picture: genius hackers writing custom exploits for your specific plumbing company. The two leading attack paths are pattern problems. A stolen password gets used from an unfamiliar location. A known software hole gets probed by automated scanners. Patterns are exactly the kind of thing machines catch well and tired humans miss, which is why AI belongs in this conversation at all.
What AI security tools actually do, and what they never will
Strip away the marketing and AI-assisted security is continuous pattern watching at a scale no small team can staff: every login attempt, every file access, every stretch of network traffic, around the clock. The tool flags the login from a new country at 3 a.m., or the sudden mass download that looks nothing like a normal Tuesday. Most small businesses’ entire after-hours security posture is otherwise one person’s attention, and that person sleeps.
What these tools never do is own the response. When the alert fires, a person still decides whether to isolate the machine, call the bank, or bring in help. The honest framing is that AI extends your team’s attention past the hours a human can stay alert; it does not replace the human whose judgment the business runs on. Any vendor pitching otherwise is overselling.
Three real options, priced from the vendors’ own pages
Bundled endpoint protection. Microsoft Defender for Business costs 3 dollars per user per month standalone, or comes inside Microsoft 365 Business Premium at 22 dollars per user per month paid yearly, which also bundles email security and device management (microsoft.com). The verdict is simple: if the business already runs Microsoft 365, this is almost always the cheapest real upgrade, because it strengthens what you already pay for.
Managed detection and response. Huntress layers 24/7 monitoring with human analysts reviewing the alerts, at 8.99 dollars per endpoint per month at retail, with lower pricing through a managed service provider (huntress.com). The verdict: this is the closest a small business gets to a security analyst on call without creating the job, and it is the option to price when the business handles sensitive customer data.
Unified small-business security platforms. A growing category bundles endpoint, email, and identity monitoring into one per-user subscription in a similar price range. The verdict: compare this category last, not first. The right choice depends on what your existing software vendors already include, and duplicated coverage is money spent twice.
Your first move this quarter
Start with an inventory question, not a purchase: what security is already included in what the business pays for today? For most Microsoft 365 shops the answer changes the shopping list immediately. Then ask any provider you evaluate one question: what happens at 2 a.m. on a Saturday? The answer separates monitoring from marketing. Measure whatever they quote against the 115,000 dollar median ransom from Verizon’s data (verizon.com), and remember the attack surface is wider than your own machines: keeping software patched matters upstream too, which is why AI is now being used to fix open-source security holes before attackers find them, and fraud can reach your customers without touching your systems at all, as the Google AI Overviews scam pattern shows. Price one option this week. The gap these tools close is real, measured, and cheaper to close than to fund a ransom.
Frequently Asked Questions
Is AI-based cybersecurity necessary for a business with fewer than 20 employees?
Verizon’s data shows small and medium-sized businesses are frequent ransomware targets, not an afterthought (verizon.com). A team that size cannot staff round-the-clock monitoring manually, which is exactly the gap these tools are priced to fill.
What is the cheapest real option to start with?
Microsoft Defender for Business at 3 dollars per user per month is the lowest-cost option with genuine enterprise-grade detection, particularly for businesses already using Microsoft 365 (microsoft.com).
Do these tools replace hiring an IT security person?
They cover the continuous monitoring no small team could realistically staff, which is the practical gap. The response decisions, isolating a device, calling the bank, bringing in outside help, stay with a person who knows the business.
What is the single biggest risk these tools are designed to catch?
Credential abuse and exploited software vulnerabilities, which together account for roughly 42 percent of initial access in Verizon’s analyzed breaches (verizon.com). Both show up as detectable patterns, like logins from unusual locations or unpatched systems being probed.
