This study was prompted by the scarcity of focused quantitative research on the cybersecurity of SMBs. Our research aimed to understand the factors influencing SMBs' approach to cybersecurity, their level of threat awareness and the importance placed on cybersecurity. It also explored the extent to which NIST CSF practices are implemented by SMBs while also detecting and ranking the prevalent challenges faced by SMBs. Additionally, resources that SMBs turn to for help and guidance were also evaluated. While the survey-based study was on Western Australian SMBs, the results are of more general and wider interest. Our study found the lack of funds to be the biggest hindrance to cybersecurity, along with a lack of knowledge on where to start implementing good security practices. SMBs also lacked familiarity with relevant regulations and frameworks. The study highlights areas for improvement, such as access control mechanisms, individual user accounts, formalised policies and procedures, and dedicated budgets. SMBs heavily rely on Google search for cybersecurity information, emphasising the need for optimised search results from authoritative sources. IT service providers and informal networks also emerge as important sources of cybersecurity guidance, while local universities could assist SMBs but remain underutilised in this regard. Interestingly, factors such as organisational size, industry sector, and revenue level did not significantly impact SMBs' perception of vulnerability to cyber threats. However, further investigation is needed to evaluate the effectiveness of different IT service models for SMBs' cybersecurity needs. Overall, the research provides valuable insights into the specific gaps and challenges faced by SMBs in the cybersecurity domain, as well as their preferred methods of seeking and consuming cybersecurity assistance. The findings can guide the development of targeted strategies and policies to enhance the cybersecurity posture of SMBs.