Small Businesses Are Leaving Themselves Vulnerable to Cyber Attacks

In the wake of the pandemic, small businesses aren’t just facing obvious challenges like recruiting and retention — they’re also fighting against cybersecurity threats that they can’t see, and aren’t prepared to manage. 

Cybersecurity risks don’t discriminate between small and large businesses, yet 51% of small businesses don’t have cybersecurity measures in place, according to a March 2022 survey from, an online small business and e-commerce resource site. Over one third aren’t concerned about their virtual safety, claiming that their business is “too small” to be a target. But that could not be further from the truth, says Dennis Consorte, subject matter expert for small businesses at 

“A small business should put more effort into their cybersecurity,” Consorte says. “They could be seen as a target because they're a small business that doesn't have the kind of budget allocated to cybersecurity that a much bigger organization would have.” 

One in five online small businesses has been the victim of a cyberattack this year, the survey found. But still, only 21% of those without security measures in place are actively developing cybers reinforcement. Nineteen percent of surveyed small businesses claimed implementing cybersecurity initiatives were too expensive. But should this trend continue, the potential threats could cost them much more than the price of better software. 

“This is a serious problem — both for potential revenue losses and the safety of their customer,” Consorte says. 

The average cost of a malware attack for any given large company is over $2.5 million, according to cybersecurity testing platform company Cobalt. Albeit expensive, most large companies have the funds to fix the issue should it arise. Small businesses, on the other hand, don’t have the resources to cover an expense of that size, meaning that a cybersecurity attack could permanently shut down a small operation.

“Think about the losses that you incur, first in terms of lost revenue when your systems are down while you're trying to repair the problem,” Consorte says. “Next, think about the threat of losing your customer base when you inevitably must share what happened — that your customers suddenly had their secure data exposed on the dark web.”

Unlike large businesses, who have the luxury of outsourcing experts or tech to handle delicate customer information and processes such as credit card transactions and billing information, small business owners are often juggling that themselves, consequently putting themselves at a much larger risk. 

But taking preventative measures — for an owner’s business and their customers —doesn’t have to be a bank-breaking endeavor, according to Consorte. It can be as simple as making sure that a company’s firewall is set up correctly on their server, making sure that there’s antivirus software on their networks and on workers’ devices, as well as training a team on basic security like phishing emails. 

“Yes, it can be very expensive,” he says. “But there are still measures that small businesses can take every day to at least reduce the likelihood of harm.”

Source: Paola Peralta, Associate Editor, Employee Benefit News