Are Advanced Persistent Threats a concern only for large organizations?
yes they are, to simplify the term:
"does using a mortar continuously against the same building is a concern?"
APT are very specific deployed attacks defined by several characteristics and by a duration.
it start by probing a chosen target (mostly corporations/govs/agencies/public infrastructures because they have valuable datas) looking for vulnerabilities and if some are discovered , to exploit them (via the use of various vectors/skillsets/tools) with the minimal footprints possible.
once the penetration is successful, the duration of the APT is then engaged, knowing that longer you sit on a target , easier you will be discovered; if the attack just involve some particular data retrievals , the APT is rarely discovered (or discovered too late). if the attack's purpose is to stream-retrieve infos at long term , the skillset and tools have to be very sophisticated and stealthy.
once the goal is reached , the traces have to be erased to cover a potential new penetration to the same target later.
final Note : yes APT are a major concern to corporations