Cyberattacks and Small Businesses: A Lethal Combination

women with clsoed sign

Written by: Matt Kunkel

Reviewed by:
Updated: May 01, 2023

Table of contents

What does a cyber attack mean to a business? 

The answer may depend on the size of the business targeted, according to Accenture’s Cost of Cybercrime report. Now in its ninth year, the study combines research across 11 countries in 16 industries—including interviews with 2,647 senior leaders from 355 companies to examine the economic impact of cyberattacks in the real world.

The large-scale megabreaches like those that hit Marriott and DoorDash grab headlines, but the issue is by no means limited to the companies with the deepest pockets. In fact 43% of cyberattacks are aimed at small businesses, according to Accenture’s report. Just 14% are prepared to defend themselves.

While the damage to  large companies is greater in absolute terms, small companies aren’t spared from the dire results of a cyber attack. In some ways, the results are even more catastrophic: attacks cost small businesses $200,000 on average, enough to put a great many out of business for good. Sixty percent of small businesses are forced to close their doors within six months of a cyber attack, according to the report. 

Bottom line: for the 30.2 million small businesses in America today, the objective isn’t just to escape fines and minimize damages—it’s to make sure you’re equipped to stay afloat.

A Knockout Blow

More than half of all small businesses suffered a breach in the last year—and 4 in 10 suffered more than one—according to insurance carrier Hiscox. If 60% of small businesses go out of business within just six months of a cyber attack, cyber breaches forced the closure of more than 30% of small businesses just in the last year. 

The news gets worse. The frequency of attacks is also increasing. Attackers are getting smarter, attacks are occurring faster, and incidents are becoming more complex—all adding up to increased harm for the victims of data breaches. 

What’s more, given that digital threats tend to go an average of 101 days before being detected by business operators, the damage to an organization from such compromises can quickly add up. However, considerable as they are, these charges do not factor in additional damage to intangible assets such as brand reputation and customer goodwill. 

In an age of ongoing digital transformation, cybercrime has quickly become today’s fastest-growing form of criminal activity. It’s set to cost all businesses $5.2 trillion worldwide within five years, according to Accenture. Clearly, small businesses are not excepted from this trend, so they need to start preparing now.

Small Businesses Need to Think Like Big Businesses

The report shows that small businesses are lagging behind their larger counterparts in the fight against cyberthreats.  

This is not surprising: cybersecurity is expensive. Regulatory compliance, attorney fees, technology, and preventive costs can quickly compound. Still, owners need to start making high-tech security a top priority. 

The reason is simple: virtually every modern organization’s high-tech perimeters will eventually be breached. It’s no longer a matter of considering if security threats will arise, but rather thinking in terms of when.

Unfortunately, small business owners have a big hill to climb. According to Keeper Security’s 2019 SMB Cyberthreat Study, 66% of senior decision-makers at small businesses still believe they’re unlikely to be targeted by online criminals. Similarly, 6 in 10 have no digital defense plan in place whatsoever, underscoring the need for heightened industry awareness and education across the board.

There is some good news. Even with 480 new high-tech threats now introduced every minute (according to anti-virus provider McAfee), something that’s easier to control—human error—still remains one of the greatest threats to organizations’ well-being. These include relatively low-tech efforts like email phishing schemes and password spoofing. Unfortunately, just 3 in 10 employees currently receive annual cyber security training—well within the reach of all small businesses.

Historically, small businesses have not been the first to adopt new technology to help them combat cyber threats. This owes partly to the significant upfront cost of most legacy GRC solutions, which primarily are targeted to enterprise clients. In addition, many small business owners aren’t aware of the benefits that flexible technology can offer them as they grow. Today, a new crop of Agile GRC solutions including LogicGate is emerging to help small and medium sized businesses adapt to the new reality.

Where to Start

Thankfully, there are a few steps small business owners can take to put themselves in the best possible position to fend off a cyber attack. These include: 

  1. Be proactive: Put strong plans in place—before it’s too late
  2. Hire the right people
  3. Get the timing right
  4. Don’t forget the customer
  5. Put the right solutions in place
  6. Test, test, test

Improving data breach response plans, automating processes, and keeping key personnel up-to-date are no small tasks. You’ll want a central location where you can document your breach response plans and processes. Waiting until a crisis hits is not the approach for strategy and planning — you want your security team focused on executing your response plans. LogicGate’s Cyber Risk & Controls Compliance solution empowers risk professionals and entire organizations to prepare for and respond to data breaches, ultimately reducing potential risks and costs, and enabling your business to focus on business.

To learn more about LogicGate's Cyber Risk & Controls Compliance solution, check out the brochure.



Related Posts