When faced with a cybersecurity incident, most large enterprises have well-planned and well-rehearsed procedures, but the majority of small to medium-sized businesses do not.