SMBs are increasingly vulnerable to cyberattacks
Of SMBs were the target of some type of cybersecurity attack in the last year
Employees of SMBs experience 350% more social engineering attacks than those at larger companies
of malware attacks target SMBs
SMBs are at an even greater risk of cyberattacks than larger companies
Automated attacks are making it worse, causing thousands of businesses to be targeted at the same time when their defenses are already low. Thankfully, these attacks are easily avoidable as long as businesses understand the simple ways they can mitigate those risks.
Rise in Number of Cyberattacks on SMBs
Sources: State of Cybersecurity in Small & Medium Size Businesses by Ponemon Institute, State of Small Business Cybersecurity report by Hiscox, Cyber Readiness Report by Hiscox
Impact on SMBs
Revenue forfeiture, customer loss, reputational damage, operational disruption, and legal liabilities are just some of the problems that cyberattacks create for SMBs. Enterprises might have the resources to survive these attacks, but for SMBs, even a single attack can bring down an entire company.
Number of days to identify and contain a breach
Source: Astra
Average cost of a ransomware payout for a small business
Source: Cost of a Data Breach Report 2023 by IBM
SMBs face the same attacks as the big guys
Cybercriminals use deceptive emails, messages, or websites to trick employees into revealing sensitive information, such as login credentials or financial details.
  • Humans are usually the target (not technology!)
  • This accounts for 90% of all breaches that organizations face. It’s the strongest threat facing SMBs
Malicious software that encrypts a business's data and demands a ransom for its release.
  • Companies face an average of 21 days downtime

  • 1 in 3 businesses never get their data back
Credential Stuffing
Attackers take advantage of weak passwords or reuse passwords across multiple accounts. They may use automated tools to try stolen credentials on various websites and services, gaining unauthorized access to business accounts.
  • Automated tools to try large volumes of username-password pairs from past data breaches, leading to a high success rate in unauthorized account access

  • Due to users' common practice of reusing passwords, 81% of data breaches in 2020 resulted from credential stuffing attacks
Invoice Fraud
Cybercriminals use deception to trick individuals or organizations into making payments for false or fictitious invoices. A common form is Business Email Compromise (BEC) attack, where attackers impersonate a trusted entity to manipulate victims into taking specific actions, such as making fraudulent payments.
  • Small businesses lost an estimated $905 million due to identity fraud in 2021

  • Identity fraud incidents accounted for nearly 50% of all reported cybercrimes targeting SMBs in 2021
How Organizations Can Lower the Risk
Training & testing for phishing scams
Security policies followed by everyone
Device security
Two-factor authentication
Response planning
Vendor security
What's next?
Cyberattacks are on the rise and SMBs are getting hit hard. With the use of new technologies like AI and automation, attacks will continue to become more widespread and effective. But it’s not all doom and gloom. Government agencies are stepping in to support SMBs with regulations like data loss reporting and FTC safeguards.

We may also see more collective solutions through public-private partnerships. In the meantime, small business owners can start taking action today to defend themselves.

Simple foundational security measures like phishing testing, policies, device management, and 2FA go a long way in shielding SMBs from a majority of threats.