Re: Size matters
To some degree the main difference is a "larger" organisation will typically have some or all IT support in-house and as a result typically will have policies for networking, patching, backups, etc, that are planned around good practice.
I say "typically" as we regularly see the big boys being shafted and often due to lax practices...
But the SME lot usually have no real IT support internally, maybe some bod whose job it is to arrange support/purchase, etc. And as already pointed out, you get many differing categories of user and business with the vast majority being based around folk with no real computing expertise. And no, being able to use an excel macro is not computer expertise! Hence solutions of using differing software, OS, network segmentation, etc, that would be argued about by the legions of commentards means absolutely nothing to them.
Most of what is needed to get SME in to a safer area therefore requires such expertise and that means paying folk to help set up stuff, train staff, deal with incidents, etc. Sadly that is seen as a pointless expense by many until they get shafted.