The Rising Threat of Cyberattacks on Small Businesses: What You Need to Know

In the wake of February’s massive cyberattack on UnitedHealth Group, which wreaked havoc on the U.S. healthcare industry with late payments and billing disruptions nationwide, the threat of cyberattacks has never been more palpable. While many business owners already recognize the seriousness of these threats, research shows that despite investments in security, smaller companies continue to be prime targets for an increasing number of online assailants.

The High Stakes of Cyberattacks

The devastating impact of cybercriminals was highlighted in a recent 60 Minutes report on last September’s attack on MGM Resorts. The attack paralyzed computer systems at MGM’s Las Vegas casinos, resulting in $100 million in lost revenue after executives refused to pay a $30 million ransom. Such high-profile cases dominate the news, but small-business owners should not feel secure simply because they think hackers prefer larger targets.

In reality, small businesses have become more attractive to cybercriminals. According to CSO, a specialized cybersecurity news platform, these attacks are happening with increasing regularity. An annual survey by IT security provider Devolutions revealed that 69 percent of small and medium-sized businesses experienced attacks in the past year, a 9 percent increase from 2022. This rise may be attributed to overconfidence, with 80 percent of respondents believing they were well-protected, yet only just over half invested the recommended 6 to 15 percent of their annual IT budget in security.

The Cost of Complacency

The consequences of this misplaced confidence can be dire. Devolutions reports that the average cost of attacks on small businesses ranges from $120,000 to $1.24 million per incident, with 60 percent of victimized companies closing within six months of an attack. Despite these staggering figures, a separate CSO poll found that two-thirds of small companies do not believe they are ransomware targets, resulting in 47 percent lacking sufficient insurance coverage for cyberattacks.

Christopher Hojnowski, product head of technology and cyber at Hiscox insurers, warns that small businesses without adequate cyber coverage may be financially liable for the fallout of an attack. Alarmingly, 27 percent of companies that suffered one attack were hit again, and only half of those that paid a ransom retrieved their data.

Why Small Businesses Are Attractive Targets

Small businesses might wonder why they are becoming more frequent targets for cybercriminals. The answer lies in a combination of factors:

  1. Perceived Easier Access: Many small businesses lack the robust cybersecurity measures that larger corporations have in place, making them easier targets for attackers looking for quick and relatively easy wins.
  2. Valuable Data: Small businesses often handle sensitive data, such as customer information, financial records, and intellectual property, which can be lucrative for cybercriminals.
  3. Limited Resources: Smaller companies often do not have the resources to invest in extensive cybersecurity measures or dedicated IT security staff, making them more vulnerable.
  4. Supply Chain Exploitation: Cybercriminals may target smaller companies as a way to gain access to larger partners or clients in their supply chain.

Given these vulnerabilities, it’s crucial for small business owners to take proactive steps to protect their digital assets and operations.

Strengthening Your Cyber Defenses

So, how can small businesses fortify their defenses? Here are some common mistakes to avoid and steps to enhance cybersecurity:

  1. Recognize Your Vulnerability: Small businesses are attractive targets because attackers can extract more ransom by hitting many smaller companies than a few large ones with robust security.
  2. Prioritize Cybersecurity: Make cybersecurity a top organizational and budgetary priority. Conduct a risk analysis to evaluate how enticing your company’s data and activities might be to potential attackers. Include an assessment of partner businesses that could be gateways for hackers.
  3. Maintain Good Cyber Hygiene: Regularly train employees to recognize and avoid phishing and other external threats. Stress the importance of strong, regularly updated passwords and management tools.
  4. Implement Two-Step Verification: Enforce two-step verification for access to company computers, networks, and devices. Frequently change and securely store administrator passwords.
  5. Regularly Backup Data: Ensure your IT network is regularly backed up and test these backups to verify that your business can access its data if the main system is compromised.

Effective cybersecurity isn’t just about prevention; it’s also about ensuring continuity if preventive measures fail. By addressing these vulnerabilities and prioritizing cybersecurity, small businesses can significantly reduce their risk of falling victim to cyberattacks.

Recognize Your Vulnerability

The first step in fortifying your cybersecurity defenses is acknowledging that your business is a target. Cyberattackers find small businesses appealing because they often lack the sophisticated defenses of larger companies. Additionally, cybercriminals can potentially extract more ransomware profit from hitting many smaller businesses rather than focusing on a few big corporations with better IT security.

Prioritize Cybersecurity

Cybersecurity should be a top priority within your organization. This involves conducting a thorough risk analysis to evaluate how attractive your company’s data, client roster, financial information, and other internal details might be to potential attackers. As part of this process, consider the security posture of partner businesses you frequently network with, as they could be used as a gateway by hackers to infiltrate your organization.

Maintain Good Cyber Hygiene

Good cyber hygiene is crucial for preventing cyberattacks. Regularly train your employees to recognize and avoid phishing scams and other external threats. Emphasize the importance of using and updating strong passwords and deploying password management tools. Employees should be vigilant about not clicking on suspicious links or downloading unknown attachments.

Implement Two-Step Verification

Enforce two-step verification (2FA) for access to all company computers, networks, and devices. This extra layer of security makes it harder for unauthorized users to gain access. Administrator passwords, which often hold the keys to broader company data, should be frequently changed and securely stored separately from other logon credentials.

Regularly Backup Data

Regular backups of your entire IT network are essential. These backups should be tested regularly to ensure that your business can access its data in the event of a cyberattack. A robust backup system allows your business to continue operating even if your main system is compromised.

Develop an Incident Response Plan

An effective cybersecurity strategy includes having a well-defined incident response plan. This plan should outline the steps your business will take in the event of a cyberattack, including how to contain the breach, assess the damage, communicate with stakeholders, and restore operations. Regularly review and update this plan to adapt to evolving threats.

Invest in Cyber Insurance

Cyber insurance can provide a financial safety net in the event of an attack. Ensure that your policy covers a range of cyber threats, including ransomware, data breaches, and business interruption. Adequate coverage can help mitigate the financial impact of an attack and support recovery efforts.

Collaborate with Cybersecurity Experts

Partnering with cybersecurity experts can provide your business with the latest insights and technologies to defend against cyber threats. External experts can conduct vulnerability assessments, offer advanced threat detection solutions, and provide ongoing support to strengthen your cybersecurity posture.

Stay Informed

Cyber threats are constantly evolving, and staying informed about the latest trends and tactics used by cybercriminals is essential. Subscribe to cybersecurity newsletters, attend webinars, and participate in industry forums to keep abreast of the latest developments. Awareness and education are key components of a proactive cybersecurity strategy.


By taking these steps, small businesses can enhance their cybersecurity posture and protect themselves from the growing threat of online attacks. CybrogenIT is here to support you with tailored cybersecurity solutions designed to safeguard your business. Contact us today to learn how we can help secure your digital assets. Remember, effective cybersecurity is an ongoing process that requires vigilance, investment, and continuous improvement. Protect your business today to ensure a secure and prosperous future.

Leave a Reply

Your email address will not be published. Required fields are marked *