The Catastrophic Cost of Cyber Attacks on Small Businesses

More than 40% of all cyber attacks target small businesses. Unfortunately, fewer than 15% of those businesses have appropriate cyber security defenses in place. What makes these statistics more concerning is that cyber breaches now cost companies an average of more than $200,000. Many small businesses could not survive the cost of an attack.

What’s the Cost of a Data Breach?

Over the past year, more than 50% of small businesses suffered some form of data breach. As a result, small businesses facing this dramatic increase must embrace new approaches to cyber defense. Until recently, small and midsized business (SMB) owners didn’t believe their companies were lucrative enough or important enough to be on a hacker’s radar. But all businesses store private employee data, bank documents, tax information and proprietary data, and they often have access to other companies’ networks. Like all predators, cybercriminals attack targets with the most vulnerabilities. Without appropriate cyber security, any device that is part of a wireless network presents a potential entry point for cyber attacks on small businesses.

Q: What are the main financial impacts of cyberattacks on small businesses?

A: The cost of cyberattacks on small and midsized businesses goes beyond immediate hits. They often face downtime, lost revenue, the costs of forensic investigations, legal services and regulatory fines. Additionally, businesses may have to spend heavily on upgrading their cyber security infrastructure afterward. They also suffer the loss of customer trust, which can reduce long-term earnings.

A Case Study

A New York City-based accounting firm has offices in Atlanta, Chicago and Austin, Texas. However, for the first 10 years of the firm’s existence, its only office was in New York. Other than an anti-virus program and password protection, the partners felt the New York office was its own ecosystem and insulated from the cost of cyber attacks.

However, when the firm opened its satellite offices, nobody put sufficient thought into reevaluating the company’s cyber defenses. At the same time, more of the firm’s employees began to work remotely. Together, the moves dramatically increased the vulnerability to cyber threats.

One of the partners, based in Atlanta, was at the airport. During a delay, she spent several hours working online through her phone and laptop. She was logged onto her company network using the airport’s WiFi. Little did she realize that she had been hacked more than an hour earlier. Already, several of her coworkers in the New York office were having network issues. Although some alerts came up, they were insufficient to convey the magnitude of the data breach. Private financial information had been compromised.

Several of the firm’s clients who had more advanced cyber security in place for their own networks were able to stop the invasion before suffering the cost of a data breach. However, several smaller clients became victims and began to have their own system failures. Within two years, the accounting firm had spent so much money on legal fees, court costs, lawsuit settlements and IT consultants that it had to close all offices except for the original headquarters in New York.

Any device connected to your network through a WiFi connection is a target for cybercriminals and must be protected. However, public WiFi connections are particularly vulnerable to cyberattacks. Airports, train stations and other public places might offer free WiFi, but when your data is put at risk, the connections could be far from free. Hackers know that the average user does not understand the cost of a data breach and is cavalier about logging on to public WiFi connections. In high-traffic public places, hackers are often armed and ready to take advantage of users connected to unsecured networks. At any given moment, cyber attacks on small business are taking place while employees are traveling or using open WiFi. With appropriate cyber defenses, you can limit the risk to your small business’s network and hard-earned data wherever you log on.

Q: Why are small businesses especially vulnerable to the high cost of cybercrime?

A: Small companies often lack dedicated IT security staff or the budget for strong cyber security defenses. This makes them an easy target for cybercriminals, who exploit outdated software, weak passwords and poor security practices. Once attacked, many small businesses struggle to cover the financial fallout, as they typically don’t have cyber insurance or emergency funds set aside for such incidents.

What’s the Best Insurance Against a Cyber Attack? Never Have One.

According to the FBI, “The best insurance against a cyber attack is never to have one.” Companies that have not yet fallen victim to a cybercrime, should take steps to protect their data. You might already have some protective measures in place, but, as cybercrime increases and your business adds more connected devices, your network surface attack area grows, too. One way to counter those threats is using a cyber security firm to provide a professional cyber risk analysis of your IT system and network to ensure you have adequate protections in place.

Q: What can small businesses do to reduce the financial risks of cybercrime?

A: To reduce financial risks, small businesses should invest in basic cyber security measures, such as using a password manager, regularly updating software, training employees on security awareness and cyber hygiene and regularly backing up data to an offsite location. Purchasing cyber liability insurance can also help offset the financial burden in case of an attack. Proactively managing cyber risks can greatly reduce the likelihood of costly incidents and help ensure business continuity.

How Can Companies Best Protect Valuable Business Data?

Cyber security firms specialize in preventing cyber threats and have an array of solutions to protect against cybercrimes. They work with small and midsized businesses to establish cyber security best practices and help ensure confidential data has the best protection possible and that all users are on the same security page. Companies bound by strict compliance and privacy laws, such as law firms, medical practices and financial service institutions, have additional regulations to follow and must take additional steps to avoid data breaches.

Cyberattacks can have devastating financial and reputational consequences and take months or years to recover from. Reach out to us if you are in the greater New York City area, or contact a local cyber security firm to assess your individual risks and work with you to ensure you have the best protection solution for your business.