Small Businesses Are at Big Risk for Cyberattacks

Back to Blog
Internet security, online privacy concept, Abstract image of business woman using laptop under protection of encryption of data on internet

Small Businesses Are at Big Risk for Cyberattacks

There’s no shortage of studies and statistics about cyber crime. And while the numbers don’t always align perfectly from one report to another, and from one cohort to another, the specific numbers almost don’t matter.

Just because cyberattacks declined for one report cycle duration doesn’t guarantee they won’t rise again. Cyber trends ebb and flow, and hackers will persistently seek easy prey – companies of any size with weak cyber defenses. Unless the number of attacks falls to zero, SMBs must put cybersecurity at the top of their priority list. They never know when they will be part of the percentage. 

Something else SMBs should consider: most data breaches–85 percentresult from human error or malicious behavior. Data from the Ponemon Institute suggests that seven in ten employees were victims of password theft – which is most often the result of carelessness on the worker’s part. In Verizon’s report, incorrect delivery and misconfiguration were also in top spots for human error. 

One insider breach can cost around $7.68 million when you add up all the direct and indirect costs (including down-time, fines, lawsuits, notifications, identity protection for individuals who were compromised)With the most significant cybersecurity threat lying behind their own doors, SMBs shouldn’t look to external cyberattack stats as the sole risk barometer. 

Phishing is another top threatAlthough this method originates from unknown outsiders, the breach is ultimately launched by unwitting employees who open infected emails or linksThe same can be said for ransomware attacks, which rose 630 percent between January and April of 2020. 

An organization will suffer damage no matter how a breach occurs – it only takes one to devastate financial and reputational integrity. The big corporations have reserves to buffer an attack: dedicated IT teams, reputation-saving PR sources, sophisticated incident management plans . . . and big budgets. Not so SMBs.  

Here are few more statistics to drive home SMBs’ breach vulnerabilities: 

  • 52% of SMBs reported credentials were their most compromised data 
  • 83% of SMB data breaches were financially motivated 
  • 22% of SMBs transferred to remote work without a designated threat prevention plan 
  • 50% of SMB owners admitted that they don’t provide employees with cybersecurity training 
  • 58% of businesses stated that workers ignore cybersecurity directives 
  • 42% of IT leaders believed that their static data loss prevention tools won’t detect half of all threat incidents  

As an MSP, it’s your job to help secure your clients’ networks and protect their data. One of your most formidable weapons to do that is vulnerability scanning. This proactive activity can detect risks before they become incidents.  MSPs can use regular vulnerability scanning to differentiate themselves from the competition. Vulnerability scans not only generate recurring income, but the problems they uncover can expand your revenue and your worth to your client when you perform the fix. 

To find more about how you can use vulnerability scanning to secure your clients, visit us and request a demo. 


  1. Data Breach Investigations Report, Verizon, 2020 
  1. 2020 Cost of Insider Threats Global Report, Ponemon, 2020 
  1. 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses, Keeper and Ponemon Institute, 2019 
  1. The Cost of Insider Threats, IBM, 2020 
  1. New Study Reveals One in Three SMBs Use Free Consumer Cybersecurity and One in Five Use No Endpoint Security at All, Cision, 2020