The threat of cyberattacks on small businesses is growing at an alarming rate. Most small businesses are not prepared against any form of cyber attack nor are they prepared for the recovery it may take after one occurs. As of 2022, cyberattacks are now the biggest risk to businesses – above COVID-19, employee shortages, and financial – in 7 out of 8 countries polled (U.S.A., U.K., France, Germany, Belgium, Ireland, Spain, and The Netherlands). Small businesses are becoming bigger and bigger targets as it’s widely recognized by hackers that they have the least protections in place against being scammed. Remote work as well opened many doors to cyber attacks with businesses still utilizing old systems and not migrating to cloud applications and secure servers.
In a 2022 report by Coalition for Cyber Claims, they state that they are witnessing an 85% increase in claims from cyberattacks. A 2022 survey from Nationwide Agency revealed that around 40% of small businesses surveyed believe that a cyber attack will cost less than $1,000 while 60% surveyed believe recovery would take less than three months time.
However, actual data shows that cyberattacks cost on average between $15,000 and $25,000, plus additional restoration costs, damage to business data, damage to business reputation, and potential legal repercussions and fees. Recovery time average after an attack is around 279 days. CNBC surveys state that the average cost for cyber attacks is closer to $200,000. Coalition reports a loss of around $178,000 per attack. Over 84% of companies affected in the U.S.A by a cyberattack paid a ransom for a cyberattack against their business. The FBI Internet Crime Complaint Center reported, just in 2019 alone, over 467,000 complaints of cyberattacks or internet crime, with a combined monetary loss over $2.5 billion dollars. The Nationwide survey revealed that around 48% of small businesses felt ready against cyberattacks however only 56% report any cybersecurity training within their company, and less than 25% do regular testing of their employees against fraud attempts. Only around 28% were found to have insurance against attacks versus nearly 71% of mid sized companies surveyed.
“While we often hear about data breaches at large corporations, many cyber criminals have set their targets on small businesses that are more vulnerable and often lack the protections and resources larger organizations can afford,” said Peter McMurtrie, president of Commercial Lines at Nationwide. “It’s critical in today’s digital age for businesses of all sizes to have protections in place to safeguard sensitive information and prevent a breach from jeopardizing their future.”
Common Cyberattacks can be methods such as:
- Phishing: An attack when a malicious email, test, or message is sent to victims. Victims are meant to be tricked into opening these messages and provide personal information or download harmful software onto devices which allows the hackers control.
- Ransomware: An attack, one of the most common, that is used to control files, applications, or networks until the victim pays a monetary ransom. These can be sent as links within emails or messages and are one of the most interrupting and costly style of attack to businesess.
- Malware: An attack utilizing viruses, spyware, adware, trojan programs, and more that are downloaded onto devices when victims click links, download infected items from the internet, or visit websites that are infected.
Nearly 53% of small businesses that have already become victims of cyberattacks stated that they had no idea what to do or how to recover any data from their business. Those affected continue to say at a 6 in 10 ratio that their finances were heavily impacted. In another 2022 survey from Travelers Insurance, 93% surveyed believed their small businesses were ready for a cyberattack, however over 50% did not have any actual measures in place against cyberattacks or were familiar with protections but had not implemented any.
“Cyberattacks can shut down a company for a long period of time or even put it out of business, and it’s imperative that companies have a plan in place to mitigate any associated operational and financial disruptions. Effective measures that have proven to reduce the risk of becoming a cyber victim are available, but based on these survey results, not enough companies are taking action. It’s never too late, and these steps can help businesses avoid a devastating cyber event.”
- Email Filtering and Anti-Phishing Training
- Vulnerability/Patch Management
- Multi-Factor Authentication Disable RDP Access
- Password Management
- Privileged Access Management
- Monitoring and Response
- Tested and Segregated Backups
- Incident Response Plan
- And more with their new 2022 policy amendments