The threat of cyberattacks on small businesses is growing at an alarming rate. Most small businesses are not prepared against any form of cyber attack nor are they prepared for the recovery it may take after one occurs. As of 2022, cyberattacks are now the biggest risk to businesses – above COVID-19, employee shortages, and financial – in 7 out of 8 countries polled (U.S.A., U.K., France, Germany, Belgium, Ireland, Spain, and The Netherlands). Small businesses are becoming bigger and bigger targets as it’s widely recognized by hackers that they have the least protections in place against being scammed. Remote work as well opened many doors to cyber attacks with businesses still utilizing old systems and not migrating to cloud applications and secure servers.
In a 2022 report by Coalition for Cyber Claims, they state that they are witnessing an 85% increase in claims from cyberattacks. A 2022 survey from Nationwide Agency revealed that around 40% of small businesses surveyed believe that a cyber attack will cost less than $1,000 while 60% surveyed believe recovery would take less than three months time.
However, actual data shows that cyberattacks cost on average between $15,000 and $25,000, plus additional restoration costs, damage to business data, damage to business reputation, and potential legal repercussions and fees. Recovery time average after an attack is around 279 days. CNBC surveys state that the average cost for cyber attacks is closer to $200,000. Coalition reports a loss of around $178,000 per attack. Over 84% of companies affected in the U.S.A by a cyberattack paid a ransom for a cyberattack against their business. The FBI Internet Crime Complaint Center reported, just in 2019 alone, over 467,000 complaints of cyberattacks or internet crime, with a combined monetary loss over $2.5 billion dollars. The Nationwide survey revealed that around 48% of small businesses felt ready against cyberattacks however only 56% report any cybersecurity training within their company, and less than 25% do regular testing of their employees against fraud attempts. Only around 28% were found to have insurance against attacks versus nearly 71% of mid sized companies surveyed.
Common Cyberattacks can be methods such as:
- Phishing: An attack when a malicious email, test, or message is sent to victims. Victims are meant to be tricked into opening these messages and provide personal information or download harmful software onto devices which allows the hackers control.
- Ransomware: An attack, one of the most common, that is used to control files, applications, or networks until the victim pays a monetary ransom. These can be sent as links within emails or messages and are one of the most interrupting and costly style of attack to businesess.
- Malware: An attack utilizing viruses, spyware, adware, trojan programs, and more that are downloaded onto devices when victims click links, download infected items from the internet, or visit websites that are infected.
Nearly 53% of small businesses that have already become victims of cyberattacks stated that they had no idea what to do or how to recover any data from their business. Those affected continue to say at a 6 in 10 ratio that their finances were heavily impacted. In another 2022 survey from Travelers Insurance, 93% surveyed believed their small businesses were ready for a cyberattack, however over 50% did not have any actual measures in place against cyberattacks or were familiar with protections but had not implemented any.
- Email Filtering and Anti-Phishing Training
- Vulnerability/Patch Management
- Multi-Factor Authentication Disable RDP Access
- Password Management
- Privileged Access Management
- Monitoring and Response
- Tested and Segregated Backups
- Incident Response Plan
- And more with their new 2022 policy amendments