4 Nov, 2019

The Cost of Cyberattacks to Small Companies

Cyberattacks now cost small companies $200,000 on average, putting many out of business. Don't be one of them. Be prepared and stay safe.
The cyberattacks that make headlines are the ones that hit governments and the biggest businesses. This isn't surprising. They're recognized names, and those are typically the largest-scale attacks. They result in millions of exposed records and billions of dollars in cost — that's what makes the news.

But, out in the shadows, large numbers of small businesses get attacked every day. Their losses aren't as big, but they don't have the same financial cushion as those larger corporations. A breach can easily wipe a small company out. If you have $500 million and lose $20 million to an attack, that's painful, but you'll survive. On the other hand, if you have $2 million and lose $2 million, your next stop is bankruptcy court.

A typical small business website is attacked over 40 times a day. It has to hold them all off. A single successful attack could do enough damage to wipe out a company, yet most businesses don't have a solid security strategy. They hope their website protection is good enough, but too often it isn't.
Why are small businesses targets?
If you're on the Internet, you're a target. Most online attacks are automated; they probe domains or IP addresses, looking for weaknesses wherever they may be. Whether your network is big or small, it's on many lists. All websites, at some point in time, will be attacked by automated malware. More than a million new malware samples are detected each day.

Small businesses are attractive to criminals who prefer a steady stream to the uncertain hope of a big haul. Verizon's 2019 Data Breach Investigations Report says that 43% of cyberattacks are aimed at small businesses. The proportion might be even higher; many small companies don't admit to anyone that they've been attacked, or they don't realize that they have. Some sources put that percentage as high as 70%.

CNBC reports that the average incident costs a small business roughly $200,000. It states that "for small business owners, it's no longer a matter of considering if security threats will arise, but rather thinking in terms of when." Nonetheless, a majority of the people making decisions for small businesses think they aren't likely to be targeted.

Estimates vary, but the costs are always high. Kaspersky Lab has placed the average cost of a breach for small businesses at $38,000 in direct costs. This includes $10,000 in professional services, $5,000 in lost business, and $23,000 in downtime. Indirect costs are harder to quantify but add thousands more. They include efforts to prevent another breach and damage to the business's reputation.
What are the dangers?
Security incidents expose businesses to some potentially expensive risks.

  • Theft of confidential information – A breach of private records is often costly. The people affected may sue, especially if they think your business has been negligent. Regulatory penalties, including GDPR and HIPAA, are often expensive. Besides those direct costs, there's the loss of customer confidence.
  • Website infection – Malware deposited on your website may stay a long time without being noticed, stealing information.
  • Malvertising – Ads on your website pose a danger if your advertising partner has been breached. Your site could be blacklisted for hosting malicious content.
  • Spamming – Your server could become a sender of spam email without your knowing it. This can lead to all your email being blacklisted.
  • Form data theft – A compromised website can send the data submitted on forms to a criminal server. The results can range from loss of privacy to identity theft.
  • Denial-of-service attacks (DoS) – These attacks prevent people from connecting and slow down your site. While the attack is in progress, you could lose business, and people will think your site is unreliable.
  • Data destruction – Competitors, vandals, and "hacktivists" may want to erase or damage your valuable data for their own reasons.
  • Ransomware – Your files become encrypted, and the only way to get them back is to pay the attackers (or so they claim). Paying may not recover the files.
  • Spearphishing – Carefully crafted, personally targeted email messages may trick people into disclosing information or making payments to the perpetrator.
Special risks for small businesses
  • Lack of security specialists – A company with a relatively small IT team probably can't afford a full-time security specialist. Using outside experts, whose cost is shared with other customers, helps to fill the gap.
  • Insufficient staff to maintain systems – Patching software to eliminate vulnerabilities is important, and falling behind is dangerous. Automating the process makes it easier to keep up.
  • Inadequate backup, or none – Having a complete and current backup lets a business recover from security incidents and other mishaps. Improving the quality of backups is worth spending a little extra money.
  • Reliance on partners with similar issues – Small businesses often work with other small businesses, who will have similar security weaknesses. Having a good firewall, including a web application firewall (WAF), will reduce the danger.
Steps to minimize the risk
To keep the risk of cyberattacks down, you need a security strategy, not an uncoordinated set of measures. Your approach should be proactive rather than reactive. Be ready for whatever may come, using in-depth hacking protection.

Make sure employees are aware of security issues. They should understand the importance of choosing strong passwords and being careful about their email.

Back up all important data. An incremental, offsite backup will survive attacks on your site and let you recover from data damage.

Use the best security software. Quttera's ThreatSign guards against online threats and eliminates them when it finds them. The Essential Security plan includes:

  • Automated malware removal
  • Server-side scanning
  • Web-based dashboard
  • Web application firewall
  • Website hardening
  • DNS checkups and other essential tools
The Essential Security plan is for sites that are clean when the subscription starts. If you have a current issue that needs fixing, get in touch with us first.

Cyberattacks now cost small companies $200,000 on average, putting many out of business. Don't be one of them. Be prepared and stay safe.

Verizon 2019 data breach investigations report
Worried about a cyberattack? What it could cost your small business (Business News Daily)
What Does Cyber Security Mean to Your Business?
Cyberattacks now cost small companies $200,000 on average, putting many out of business