
Small Businesses are More Likely to be Targets of Cyber Attacks


Researchers at Barracuda Networks analyzed millions of emails across thousands of companies in 2021 and found that, on average, an employee of a small business with fewer than 100 employees will experience 350% more social engineering attacks than an employee of a larger organization.


Cybersecurity Risk for Small Business


According to the report from Barracuda Networks, “The smaller the organization, the more likely their employees are to be targets for an attack. SMBs are an attractive target for cybercriminals because collectively they have a substantial economic value and often lack security resources or expertise.”


The healthcare and banking industries are particularly at risk because they store massive amounts of PII (personally identifying information) and financial information.


On average, cyberattacks on small businesses cost around $25,000 in damages but can reach much higher numbers if not dealt with quickly. There’s also the cost of repairing your business reputation and lost trust, as well as the downtime and legal fees that may come with it.


61% of small to midsize businesses (SMBs) reported at least one cyberattack during the last 12 months. A study by Cisco revealed that 40% of those experienced over eight hours of downtime, causing significant financial damage. According to research by Cybersecurity Ventures, 60% of small businesses go out of business within six months of a security breach.


Cybersecurity Threats Surrounding Small Businesses


Email threats, phishing scams, and social engineering tactics are very common in cyberattacks against small businesses. 




  • Social Engineering and Phishing Scams

Social engineering, mostly involving phishing scams, is one of the biggest threats facing small businesses.


A phishing attack is usually a fake email posing as a well-known brand or service, such as Microsoft 365, with the goal of tricking the victim into clicking the phishing link and providing login credentials. Once the attackers have access to a company’s account, they can spread ransomware or malware from within.


According to the report from Barracuda Networks, 51% of social engineering attacks are phishing.


SMBs are targeted with the following attack types:

    • 51% are phishing attacks

    • 37% are scams

    • 9% are business email compromise attacks

    • 2% are extortion attacks

    • <1% are vendor email compromise (also called conversation hijacking) attacks



  • Business Email Compromise (BEC)

Business Email Compromise (BEC) has been the largest source of fraud for several years despite ransomware attacks grabbing most headlines. 


According to the FBI’s 2021 annual report, BEC remains the biggest source of financial losses, which totaled $2.4 billion in 2021, up from an estimated $1.8 billion in 2020. "In 2021, BEC schemes resulted in 19,954 complaints with an adjusted loss of nearly $2.4 billion," said Paul Abbate, deputy director of the FBI, in an introduction to the report. "In 2021, heightened attention was brought to the urgent need for more cyber incident reporting to the federal government."




  • Ransomware and Double Extortion

Ransomware and double extortion attacks are also becoming a major concern for small businesses. In a double extortion attack, bad actors infect an organization’s network using ransomware, which encrypts the company’s files.


The fraudsters then demand ransom in exchange for decrypting the data, but if the organization refuses to pay up, the bad actors threaten to publish the information. Even if an organization has strong security measures in place to restore their data, the threat of data exposure may still force them to pay the ransom.


CipherTrace data suggests that there has been “a nearly 500% increase in these attacks in the last year. On average, these attacks are increasing nearly 200% quarter over quarter.”


  • Lack of Cyber Hygiene

Another threat is poor employee cyber hygiene. Weak passwords, not changing passwords frequently, and a lack of multi-factor authentication are still common causes of security breaches for SMBs.

Additionally, employees who fall prey to social engineering tactics do not have much, if any, cybersecurity awareness training.




Cyber Security Statistics for Small Business Owners


Here are some important cybersecurity statistics that show how vulnerable small businesses are to today’s cyberattacks.

  1. 43% of SMBs do not have any cybersecurity plan in place.


  2. Many small business owners in America worry little about cyber security. For example, 56% weren’t concerned about becoming a data breach victim in 2022. And 24% of them said they were “not concerned at all.”


  3. Many people fail to use multi-factor authentication (MFA). Twitter recently revealed that only 2.3% of its users had activated MFA.


  4. 91% of small businesses haven’t purchased cyber liability insurance.


  5. 83% of small and medium-sized businesses are not financially prepared to recover from a cyberattack.


  6. Only 37% of small businesses report having a dedicated IT or cybersecurity team.


Small Businesses Must Strengthen Their Cybersecurity Posture


Any organization entrusted with customer data must take cybersecurity seriously. Not only are data breaches expensive, but they can also ruin an organization's reputation.


Implementing cybersecurity tools and techniques does come with added costs, but the cost of a successful cyberattack can be enough to put a small company out of business.


Every company, no matter its size, needs to take steps to tighten its cybersecurity posture in 2022. Invest in solid cybersecurity infrastructure, create an incident response plan so you are prepared, train your team on security awareness, and get cyber insurance for your business.




Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:

  • Tri-Cities, Washington 509.396.6640
  • Yakima, Washington 509.396.6640
  • Bend, Oregon 541.848.6072

Questions about your IT or Cybersecurity? Give us a call today!
