April 6, 2023

The United States is increasingly concerned about protecting critical infrastructure from cyberattacks, even as small businesses remain vulnerable and enticing targets for hackers.

According to Score statistics from 2017, 43% of cyberattacks target small businesses. While ransomware assaults are the most common cyber risks to small businesses, hackers may also infiltrate SMBs through stolen login credentials, phishing emails, and malicious messaging.

Small to medium-sized businesses (SMBs) are increasingly vulnerable to cyber threats, yet many incidents go undetected. The lack of reporting makes it difficult to appreciate the true scope of cyberattacks. Small companies are frequently hesitant to report breaches owing to the potential for negative publicity, while hackers may leak data or personal details if firms contact law police.

“SMBs do not report breaches very often, and they are not the ones making headlines on a national level,” says Sohail Iqbal, Chief Information Security Officer for Veracode. “Financially motivated adversaries find SMBs a soft target due to the insufficient security controls and shortage of skilled resources at their disposal.” The cost of cybercrime to small businesses reached $2.4 billion in 2021, according to the FBI’s Internet Crime Report.

Despite the increasing cyber dangers to small businesses, many owners think they are not at high risk of a cyberattack. According to a CNBC study conducted in 2021, 56% of small company owners were unconcerned about becoming the victim of a cyberattack in the following 12 months. Furthermore, 59% indicated they could swiftly handle a cyberattack, while 42% said they had no plan in place to respond to an assault.

The sources for this piece include an article in Axios.