December 7, 2022

A cybersecurity wake-up call for small businesses

Updated May 7, 2024

As a small business owner, you probably know someone whose business has been hacked. Or you will soon. Cyberattacks on small businesses have been steadily increasing, and this trend has only accelerated over the past couple of years. One attack can lead to business disruption for months, extreme costs and in some cases, bankruptcy. The good news is that you can prevent and/or survive an attack. Take these essential steps now to boost your company’s cybersecurity.

What the research shows

Recent data compiled by Statista demonstrates the growing number of cyberattacks on small businesses around the world. According to this research, the average cost of a data breach in the United States was $9.48 million, as of 2023. The global average was $4.45 million. Additionally, Tripwire.com reports on a study by the Identity Theft Resource Center (ITRC) that found a drastic increase in cyberattacks on small businesses — 73% of small businesses experienced data breaches or cyberattacks in 2022.

An earlier study, conducted for MasterCard, found that data breaches at small businesses increased by more than 150% during 2020 and 2021, compared with the previous two years. Additionally, IBM found, in its own study, that 52% of small businesses were victims of a cyberattack in 2020. That number is only going up, according to the experts.

To compound all of this, a survey of small businesses conducted by Nationwide revealed that small business owners underestimated (1) the amount of damage hackers can do, as well as (2) the amount of time it takes to recover from an attack. Specifically, 40% of small business owners expect a cyberattack to cost less than $1,000 and 60% think it would take less than three months to recover. In reality, the average cost of a cyberattack ranges from $15,000 to $25,000, and recovery takes an average of 279 days. Obviously, a business can go bankrupt in that amount of time, with that amount of expenditure.

Why small businesses are especially vulnerable to cyberattacks

The COVID-19 pandemic saw a huge surge in conducting business online. The lightning-fast pace of both online startups and migrations to online platforms, as well as companies enabling workers to telecommute during the pandemic and beyond, was a boon for cyber attackers. As more and more small businesses began some sort of work-at-home option, they opened up new opportunities for cyber criminals to exploit security weaknesses, according to Security Magazine.

But workers are not much safer in the office. Hackers used to focus on larger companies. Now they realize how much easier it is to hack into small businesses for the low-hanging fruit, easily accessing personal information, company financial accounts and other data.

Why is that? Many small businesses lack the funds, technical skills and time necessary to provide adequate cybersecurity. Most are not IT experts. They may rely on occasional help from an outside IT professional. Small business owners are often just focused on getting by — keeping up with tasks, meeting operational expenses and seeking new business. They may feel there’s not enough time during the day to get rigorous about cybersecurity.

However, that doesn’t mean the worry isn’t there. A recent survey of small businesses found 69% are concerned about being the victim of a cyberattack. Instead of worrying about it, small businesses can take action now to protect employees, programs and data.

Address cybersecurity problems now

Lack of resources, technical knowledge and time are all issues that can be addressed.

Start with the lack-of-time problem. Acknowledge the critical importance of making time to prepare for and prevent cybersecurity problems. You can literally schedule cybersecurity checkups and employee training into your monthly workload to give cybersecurity the attention it requires.

Next, take the following steps to learn the extent of any cybersecurity issues and get to work on dealing with them.

1. Call in a professional to assess your risks. Contact your local chamber of commerce, trusted friends or fellow business owners to help you find the right tech expert to identify your weak spots.

2. Follow best practices and require employees to do so as well. For starters, implement these essential online behaviors and practices, recommended by the Federal Trade Commission.

3. Get a plan for data recovery and business continuity should your computers go down. Your IT professional should be able to recommend and/or create a plan to address your vulnerable systems and processes. Be sure to implement the plan!

4. Require regular training to help employees improve their online skills. Employees are critical partners in recognizing and preventing online fraud and cyberattacks. Whether your staff are primarily working in an office or your workers clock in remotely, it’s more important than ever to provide training in employee computer literacy and online safety. If your budget is tight, free resources are available through the Federal Trade Commission.

5. Make sure you have the right kind and amount of cyber insurance coverage. Contact your Bradish agent for help deciphering what kind of protection you need. Make sure you have a sufficient level of coverage to protect your assets.

It’s time for a cybersecurity wake-up call for small businesses. It goes without saying that a cyberattack could easily lead to serious financial hardship or even bankruptcy. The best way to protect your employees’ information, your clients’ data, and your company’s assets is to boost your cybersecurity before the hackers strike. You’ve got this!

by Kris A. Mainellis