According to a new report from cybersecurity provider CyberCatch, most small and mid-sized businesses would not survive a ransomware attack. In addition to lacking security measures, the companies possess little financial and technical resources to help them recover from the aftermath of an attack. CyberCatch conducted a survey in collaboration with market insights company Momentive. The survey was designed to question small and mid-sized businesses to assess their susceptibility to a ransomware attack. The survey incorporates responses from 1,200 businesses located in the US and Canada, each containing fewer than 500 employees.

Among the 1,200 businesses surveyed, 30% responded that they did not have a written incident response plan in place to handle cybersecurity incidents such as a ransomware attack. Among the respondents that do have a plan, 35% answered that they last tested it more than six months ago. Roughly one-fifth of respondents stated that they do not have backups of critical data that is vulnerable to being encrypted in an attack. CyberCatch also asked how many days their company would survive following a successful attack. Three-fourths of respondents stated that their company would only last up to one week following an attack. Using the survey results, CyberCatch concluded that most small and mid sized businesses are critically vulnerable to cybersecurity threats.

Read More: Many SMBs wouldn’t survive a ransomware attack