Despite the high prevalence of cybercrime victimization among businesses, only few of these crimes are reported to the police. This study used a sample of 529 Dutch small- and medium-sized enterprise (SME) owners, to examine which characteristics of the offence, the SME, and the SME owner predict cybercrime reporting behaviors. Moreover, the motives to either report cybercrime victimization to the police or not were examined. All respondents were shown three vignettes about fictional cybercrime incidents and were asked how they would react in this situation. Next, they were also asked about their reporting behaviors after actual cybercrime victimization. The large majority of SME owners said that they would report the incidents from the vignettes to the police, but after actual victimization only 14.1% of the cybercrimes was reported to the police. Seriousness and type of offense were the best predictors for cybercrime reporting, with cyber-enabled crimes being more often reported to the police than cyber-dependent crimes. Characteristics of the SME and the SME owner were often not related to reporting behaviors. Victims report cybercrime to the police because they want the perpetrator to be caught and to prevent him from doing the same to others, and they do not report cybercrimes because they think the police will not do anything and rather solve it themselves. When victims did report their victimization to the police, they were often unsatisfied because the police were indifferent and because the problems were not solved. Implications of these results for practice and future research are discussed.