Cyber attacks on small businesses: How common are they?

Nerds On Site
Article Written By Matthew Kirkland


Founded In


5-Star Reviews

4.83 / 5

Satisfaction Rating

In the age of information technology, just about anything can happen with a business, and, given how interconnected businesses have become, it’s not uncommon for cyberattacks to take place.

What is less clear is how common these attacks are against small businesses. This blog post will explore some of the latest research on the matter and discuss what small businesses can do to protect themselves from potential cyber threats.

More than half of all cyber-attacks are committed against SMEs.

As reported by CyberSecurityVentures, more than half of all cyber-attacks are committed against small and medium-sized enterprises (SMEs). Cybercriminals will send out phishing emails & scan for vulnerable networks by the tens of millions. They are looking for the easiest target possible and will go after businesses that don’t have adequate security measures to protect against widespread attacks.

Cybercriminals will never decide not to attack you because of your location or business size. Once they have gained access, they will often analyze your business data, including financials, to determine if your data can be sold and how much ransom your business can pay.

Arguably the most sinister problem that businesses will face once they’ve been breached is the attackers will quietly try and siphon data about your Clients or suppliers in the hope of finding a new attack vector to a new victim.

The most worrying statistic that CyberSecurityVentures provided was that 60% of small businesses that get hacked would go out of business within six months.

Cybercriminals do have some preferences.

While some cybercriminals cast wide nets to find targets, some focus on specific industries. Studies show that the favorite targets for cybercriminals over the past seven years are the following ten industries:

  • Healthcare
  • Manufacturing
  • Financial Services
  • Government
  • Transportation
  • Retail
  • Oil & Gas, Energy & Utilities
  • Media & Entertainment
  • Legal
  • Education

You can see why these industries would be attackers’ favorite, offering the potential for detailed consumer data or financial rewards. If your business is amongst these ten industries, you should pay special attention to cyber security.

Cyber attacks on small businesses are getting more frequent

in 2021; organizations received 50% more attack attempts per week than in 2020. This included scanning & exploiting vulnerabilities, phishing attempts, malware, malicious files, and ransomware. This trend has been increasing since 2016.

Only 1 in 7 small business owners are prepared for a cyber attack.

According to Forbes, only 14% of small businesses are ready to defend themselves against targeted attacks. This means the business has adequate cyber security protections, tools, plans & training. In fact, according to the Ponemon Institute’s State of Cybersecurity Report, 55% of businesses don’t have any protection at all, aside from traditional anti-virus.

8 out of 10 small businesses are not financially prepared to recover from a cyber attack

InsuranceBee surveyed over 1,300 SME owners, and the results are nothing short of worrying. The average cost to overcome cyber breaches is over $120,000 per incident. Combine this with the fact that 91% of small businesses do not have cyber insurance, and it’s easy to explain why 60% of companies fail within a year of a breach.

InsuranceBee makes an interesting observation stating that 1 in 4 small business owners do not even realize it may cost money to recover from a cyber-attack. Some of the costs you may incur after an attack can include:

  • Ransom costs
  • Remediation costs
  • Cyber insurance deductibles & premium increases
  • Customer/Vendor credit report monitoring
  • Loss of revenue due to downtime
  • Lost business opportunities or loss of reputation with customers

Nerds On Site Cyber Security Can Help

Nerds On Site has been protecting SMEs from cyber threats since 1995. We service Canada & the United States with a combined 1,000 years of experience. If you need to protect your business with an experienced team of nerds, take a look at our Cyber Security Services.

You May Also Like…