Think SMBs Fall Under the Radar as Targets for Cyber Threats? Think Again.

Cybersecurity breaches only make the headlines when they involve large entities like banks or tech companies, but in actuality, small and medium-sized enterprises are at risk too, and sometimes the damage from these risks is fatal for the SMB.

Fact: 58% of the victims of cybersecurity breaches are categorized as small to medium size businesses. (2018 Verizon Breach Data Investigations Report)

What makes SMBs so vulnerable?

While the potential benefits of attacking a large business are considerably larger than the benefits that can be achieved by attacking SMBs, SMBs present a greater opportunity for success simply because they are easier to breach. Here’s why:

Small and medium-sized businesses tend to think they’re unlikely to be a target or simply underestimate the impact that an attack can have on a business, causing them to forgo implementation of security countermeasures.

SMBs typically lack the budget necessary to implement a robust cybersecurity plan, so they are not well-equipped in terms of software, technology or personnel and therefore unprepared to defend themselves against cyber threats.

The staff at SMBs is often woefully unaware, uneducated, and untrained about cybersecurity, which decreases the SMB’s ability to effectively mitigate cyber attacks.

SMBs often lack a detailed strategy that specifies how they will respond to a cyber-attack; a great deal of the damage caused by cyber-attacks is a result of failing to have detailed security countermeasures in place.

Even when an effort has been made to establish security countermeasures, the security infrastructure is often minimal, or the business relies on too many security vendors, which complicates the security infrastructure.

Fact: In 2018, 2 out of 3 of all cybercrimes in the U.S. targeted small-to-medium sized businesses. (U.S. Small Business Administration)

The Costs

Some SMBs might find the cost of cybersecurity prohibitive, but the cost of not having cybersecurity after they’ve been attacked can be devastating. According to, an average data breach will cost an SMB $120K, and that figure doesn’t even include the cost of breach recovery, which Kaspersky Lab Report reports as approximately $149K, or damage to the business’ reputation.

Another potentially crushing cost to SMBs when they’ve been attacked is the cost of cyber attack remediation. Remediation costs come into play when hackers use the SMB as a backdoor into larger companies, their primary targets. These costs can be ruinous for small to medium-sized enterprises.

Fact: 60 percent of the small and medium-sized businesses that were hacked go out of business after six months.

But the outlook is not all bleak…

SMBs can protect themselves; in fact, the processes and procedures used to protect a company’s data don’t even cost that much and they’re highly effective. Below is a list of some crucial measures that SMBs can implement to protect themselves:

  1. Make cybersecurity part of your overall business plan and budget sufficient resources for implementing a robust security plan.
  2. Have a disaster recovery plan in place in case you are attacked, such as saving data to a server and then backing up that data to another location. If possible, use a cloud backup solution, which is considered to be the most secure option for businesses. Make sure the backup is done automatically – don’t rely on employees to do it themselves. Data restore capabilities are another important aspect of the recovery plan. SMBs need restore solutions that are fast and easy to use, and they should allow you to recover your data up to the moment before the attack.
  3. Raise the awareness and vigilance level of your employees by training them about cyber risks and threats, and their implications.
  4. Choose an antivirus solution that covers all attack routes and stops threats in real-time. This means taking a layered approach to security. Antivirus protection should include the following features:

Continuous antivirus and anti-malware scanning that identifies viruses and other threats; real-time protection against new threats; threat removal capabilities that eliminate malware and other cyber threats to your business; camera and microphone protection; tracking protection that stops and prevents cookies, scripts and trackers that follow and invade company data; ransomware protection that blocks malicious files and guards against encryption attempts; a high-grade network firewall that protects all company computers at the network’s edge as well as a built-in firewall enabled on each computer; secure browsing to guard against malicious URLs.