The Average Cost of a Cyber Attack on a Small Business is More than $25,000


When it comes to cyber attacks, small business doesn’t mean small costs. Over the past 12 months, the average financial cost of cyber attacks to a small US business is $25,612.

This statistic was unveiled by the Hiscox Cyber Readiness Report 2021.

Hiscox, the international specialist insurer, surveyed over 6,000 professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain, and Ireland. The participants were all responsible for their business’s cyber security. The study found that 23% of small businesses had suffered at least one cyber attack in the last 12 months.

Out of the 590 US small businesses surveyed, the average cost of cyber attacks is $25,612.

Cost of Cyber Attack to Small Business is $25,000+

Cyber security has long been one of the most challenging issues for small businesses. Pre-pandemic reports showed that by 2019, the growth of cybercrime would cost the global economy more than $2 trillion.

The Covid-19 pandemic, which has forced many businesses to operate remotely, has created an even bigger breeding ground for cybercrime. Hiscox’s study reveals that 63% of the small business workforce is now working remotely. 53% of small businesses in the US believe they are now more vulnerable to cyber attacks.

What Can Small Businesses do to Protect Themselves

While in the current remote working climate small businesses may be more vulnerable to falling victim to cybercrime, there are steps they can take to alleviate the risks.

As Meghan Hannes, Cyber Product Head for Hiscox USA comments: “Small business can mean big business for cyber criminals. We know the financial impacts of cyber attacks can be substantial, and small businesses are increasingly feeling ‘cyber stress’. The good news is, there are measures businesses can take to help mitigate the risk.”

According to Hiscox, a critical step in minimizing vulnerabilities is to secure company servers, which are the most common point of entry for cyber criminals.

Involve All Employees in Cybercrime Prevention

Employees at all levels of the business should be educated and involved in cybercrime prevention. Cyber security should be part of a business’s formal budgeting process.

Intrusion detection and ongoing monitoring should be included on all critical networks, Hiscox recommends. As should utilizing alerts when using both automated monitoring and manual logging.

A plan for all cyber security incidents should be created, from detection and containment to notification and assessment.

Hiscox’s report confirms that with new working practices making small businesses more vulnerable to cyber threats and attacks, it is more critical than ever that businesses have robust procedures in place to mitigate the risks.

Image: Depositphotos

More in: ,

Gabrielle Pickard-Whitehead Gabrielle Pickard-Whitehead is a staff writer for Small Business Trends and has been a member of the team for 7 years. She is based in the United Kingdom and since 2006, Gabrielle has been writing articles, blogs and news pieces for a diverse range of publications and sites. You can read "Gabrielle’s blog here.".