Small businesses may think they’re of little interest to hackers, and consequently they devote minimal resources to protection. However, statistics paint a very different picture.

According to a 2017 report by Ponemon Institute, the risk of cyberattacks and data breaches continues to rise for small to medium-sized businesses. In 2017, 61 percent experienced a cyberattack and 54 percent had data breaches involving customer and employee information.

Today, the National CyberSecurity Alliance and other sources claim about half of all cyberattacks target small business.

Top Vulnerabilities

The top three vulnerabilites for small business are web-based attacks, phishing/social engineering, and general malware.

What are hackers after? According to a 2016 NetDilgence Cyber-Claims Study, 40% claims are for the costs associated with exposed Personally Identifiable Information and 27% for loss of credit or debit card data. The remaining claims were for non-credit card financial data, trade secrets and other forms of loss.

Nano-revenue companies (under $50M) account for 49% of all claims. More small companies exist to target, they’re less aware of the threat, have less training, and they have fewer resources to deal with hacks and breaches.

Top Loss Causes

Most losses originate from hacks (23%), followed by malware and viruses (21%). However, many companies experience substantial losses for lost or stolen mobile devices such as laptops, tablets, and cellphones, too (13%). Insider issues such as staff errors, system glitches, rogue employees, poorly-guarded paper records, theft, and other problems account for the balance of claims (43%).

Breakdown of Claim Costs

Restoring trust, protecting your company, fighting a barrage of lawsuits, and dealing with financial and regulatory authorities are all very expensive ventures. Here’s how most claims breakdown according to the NetDiligence study.

Crisis Services

By a long shot, the lion’s share of claim costs result from crisis services. Business owners spend three-quarters of their claim on forensics to identify their vulnerabilities, send notifications to customers, monitor the victim’s credit, and for legal guidance and other measures to ensure they’re following the letter of the law and doing what they can to salvage their company.

Legal Defense

Lawsuits are not unusual when a hacker accesses financial and personally identifiable data. About 3% of claims pay for a business’ legal defense when lawsuits arise.

Legal Settlements

Legal fees are only a fraction of what it costs to settle a lawsuit. About 10% of all claim costs are compensatory settlements for victims.

Regulatory Defense

Data breaches often include thorough reviews by regulatory bodies and stiff penalties for companies that do not adhere to state, federal, and industry standards. About 8% of claim costs go towards defending your business against exorbitant fines and penalties.

PCI Fines

If a hacker compromises Payment Card Industry (PCI) data, your business may face fines from the lenders because you did not process, store or transmit credit card information securely. About 5% of claims costs pay for these fines.

Small businesses can beef up their security, but hackers are innovative. Ransomware threats continue to increase and the McAfee Labs count of new malware rose 10% in 2017; and a new all-time high.

As well, many claims are for problems beyond company control. Fortunately, cyber liability insurance provides protection. It can cover expenses related to data breaches or privacy violation.

Since small businesses are at high risk, it is a reasonable precaution to protect your company and its data.