Here’s the Single Largest Cybersecurity Threat to Small Businesses


In the past year, we’ve witnessed some of the most expansive, devastating hacking incidents ever. But that doesn’t mean cybercriminals are only targeting major corporations.

Hackers are steadily placing small businesses squarely in their crosshairs.

A 2019 Accenture study found that hackers targeted small businesses 43% of the time. It also found that a measly 14% of those firms were prepared to protect themselves.

Until small business owners wake up and smell the cybercrime, expect these breaches to rise. If you’re a key decision-maker at a small to midsize business, it’s time to educate yourself and your employees.

And there is one tactic that you need to get familiar with, as it’s become many hackers’ favorite way to take advantage of unsuspecting companies.

The Largest Cyber Threat to Small Businesses Is…

Hackers usually don’t breach companies just for the fun of it. Unless it’s the occasional act of vengeance or a symbolic takedown, cybercriminals usually want the same thing as most legit business folks: money.

That’s why ransomware is deemed to be the top threat to small businesses. According to Datto’s Global State of the Channel Ransomware Report, it wasn’t even close.

The cybersecurity company pulled statistics from a survey of over 1,400 managed service providers (MSPs) for their 2019 report. And the numbers don’t lie.

According to the report, 85% of MSPs concluded that ransomware was the most common threat to small businesses in 2019. In fact, in the first half of 2019, MSPs reported that over half of their clients had fallen victim to such an attack.

Ransomware is the top threat to small businesses. | Source: Datto

And sadly, the gap in education between MSPs and small businesses was quite wide.

The study revealed that 89% of MSPs were “very concerned” about the threat of ransomware attacks. Only 28% of their small business clients felt the same way.

And keep in mind, these are the small business owners who had the initiative to outsource their IT needs. Many firms don’t even take the threat seriously enough to seek the help of professionals.

Even the U.S. Government is getting more serious about ransomware. | Source: Twitter

What Is Ransomware?

A ransomware attack occurs when a hacker steals or disables data. Often they will infect a device with a form of malware designed to encrypt files and render them unusable to the owner.

The victims may be alerted through an on-screen message stating that the user’s system has been locked.

As you may have guessed, the cybercriminal then holds the owner’s information for ransom.

Sometimes the hackers will try to double up their ransom by exposing the business and its clients. We saw this late last year with the prolific ransomware group REvil. In December 2020, the group stole sensitive and ‘intimate’ photos from a cosmetic surgery clinic. Some of the clients were celebrities who no doubt had their own motivations to keep the data suppressed.

Check out this video on a $50 million ransomware attack from REvil:

Acer Suffers REvil Ransomware Attack - $50 M Ransom demand | Cyber Protection Operation Center News

Estimates of the average ransom request vary greatly, but the actual ransom (which we don’t recommend paying) might only be a fraction of the total cost. In many cases, whole companies are forced to go offline until the incident is resolved. They generally need to hire a team to conduct a forensic audit. And there’s also the hidden cost of a reputation blow.

MSPs reported that the average ransom cost for small businesses was $5,900. But depending on the size of the company, forensic audits can cost anywhere from $10k to $100k.

All told, the average total cost of a cyberattack ranges from $200k to $3.86 million, depending on the source.

If that cost sounds devastating to a small business, your intuition is correct.

According to the National Cyber Security Alliance, 60% of companies go out of business within six months of a data breach.

How to Protect Your Small Business Against Ransomware

Datto’s survey ranked phishing emails as the number one cause of successful attacks. Oftentimes hackers aren’t pulling off intricate, high-tech heists. They’re simply tricking people.

We have more detailed articles about protecting your business from hackers, but there are basic steps every firm should take.

You should always consult with a cybersecurity expert before any attacks take place. Every small business should also invest in basic cybersecurity training for its employees. A phishing-to-ransomware attack can often be prevented simply by training employees.

Here’s a video on cybersecurity tips for small businesses:

Cybersecurity Basics for Small Business | Federal Trade Commission

Maybe some of Twitter’s largest names wouldn’t have been hacked if the company’s employees had been better trained in spotting thieves. They surely are now.

And every business should employ the fundamentals. Always require long, varied passwords for sensitive accounts. And enable two-factor authentication wherever possible.

And if you think you or your business has been compromised, reach out to us immediately.

Featured image by adike via

Aaron Weaver is the Head of Content for He has over 15 years of journalism experience. As a tech-savvy editor and researcher, he prides himself on journalistic integrity by providing cutting edge data backed by the latest science.
