What are the risks for small business?
In a recent article in PCMag, Security Managing Editor Alan Henry wrote: “The UK-based KNP Logistics Group had just celebrated its 158th anniversary when an attacker found a single employee who didn’t have multi-factor authentication enabled, and was able to guess the user’s password. The company was unable to pay the ransom, declared bankruptcy and laid off its 700 employees. ⁶

Accenture’s Cybercrime Study ⁴ reveals that nearly 43% of cyber-attacks are on SMBs. Small businesses face multiple risks to ongoing operations and viability. Financial loss can result from ransom, lost revenue due to downtime and productivity drain, theft of IP, and cost of restoration and increased security. SMBs spend between $826 and $653,587 on cybersecurity incidents with an average of $25K. ³

Service operations can be disrupted or shut down. Malicious software can block access to systems or render parts of the system inoperable. Systems can become slow or unstable, affecting productivity and availability. Data can be stolen, corrupted or deleted. Sensitive personal and financial data, or confidential IP can be stolen and misused, leading to privacy violations and loss of competitive advantage.

Reputation and Customer Trust can suffer. Mishandling sensitive data or major breaches erode customer trust and loyalty. Security incidents can attract negative media attention, further harming brand image. And finally there can be legal and regulatory issues - fines and penalties for failing to protect sensitive data, especially if subject to privacy regulations, and litigation due to data breaches.

Avoidance is not the answer
“It won’t happen to me”. Almost half of breaches are committed against SMBs, and many go out of business as a result. According to Accenture’s Cybercrime study ⁴: nearly 43% of cyber-attacks are on small businesses. It’s more a question of when, not if, an attack will occur. “We don’t have budget “. The potential damage can far outweigh the cost of security.
“I don’t have time”. The trend is not in your favor. According to the Mastercard SMB survey ¹, almost half have experienced an attack and 1 in 5 have closed their business.
“We don’t have knowledge or resources”. Cyber criminals know this and exploit it. There are processes, programs and technology to help.
“We already have insurance”. Cyber liability insurance may provide financial compensation and legal protection, but doesn’t reduce the risk of attacks and their varied consequences.

NEXT: Part 3: Finding a solution

References:

1. Mastercard, “Too small to be ignored? Not anymore. Why shoring up cyber defenses for small businesses is crucial”. March 27, 2025.
2. CyberCrime Magazine, Steve Morgan, Editor in Chief, “Cybercrime To Cost The World $10.5 Trillion Annually By 2025”. November 13, 2020.
3. Astra IT, Inc., Nivedita James Palatty, author. “51 Small Business Cyber Attack Statistics 2025 (And What You Can Do About Them)”. June 16, 2025.
4. Accenture, Ninth Annual Cost of Cybercrime Study, March 6, 2019.
5. Verizon, 2025 Data Breach Investigations Report.
6. PCMag, Alan Henry, Managing Editor, Security. “$6.7M Ransom, 700 Jobs Lost, and a 158-Year- Old Business Destroyed—All Thanks to One Bad Password”. September 26, 2025.

Author: Jake Krakauer, an independent business technology consultant based in Pleasanton, California.