Updated July 22, 2025
Small businesses are under siege, with 62.7% of cyber breaches targeting firms with fewer than 1,000 employees, yet many owners still dismiss cybersecurity as an unnecessary expense. This dangerous oversight is costing them dearly—60% of small businesses close within six months of an attack, a stark reminder that ignoring cyber threats can silently sink even the most promising ventures.
Many small business owners view cybersecurity as an unnecessary expense and ignore it until a costly breach occurs, despite 62.7% of breaches in a recent sample targeting firms with fewer than 1,000 employees and 60% of small businesses shuttering their doors within six months of an attack.
Shifting this mindset through awareness of risks and costs, and highlighting companies who focus on small business cyber protection can help safeguard operations and bottom lines.
Looking for a IT Services agency?
Compare our list of top IT Services companies near you
Small businesses continue to be heavily targeted by threat actors, but likely due to how sequestered small businesses are from each other, the threat tends to be under-prioritized. Repeated reports, findings, and trends show that small businesses are being impacted and often destroyed by cyber attacks.
Until small business owners understand that the need for cybersecurity protection is just as high as insurance or IT support, small businesses will continue to be a favorite hunting ground for malicious hackers looking for a quick payday.
The market for cybersecurity providers continues to trend towards medium- and large-sized companies as it has been challenging to attract small businesses due to other expenses being the priority of most small business owners. However, there are hundreds of companies focused on helping small businesses with cybersecurity. The 2024 Verizon DBIR found that 62.7% of breaches in a sample of 608 organizations with known size hit businesses with fewer than 1,000 employees, up from 46% across all breaches in 2021, signaling a growing threat to smaller firms.
Some business owners might think, “We’re too small to be a target,” but unfortunately, small in size doesn’t mean the business isn’t a lucrative target. As someone who advises small businesses on tech risks, I’ve seen several small companies with just a few employees fall prey to ransomware attacks. Sometimes, the payout is $50,000 or $15,000, but there is an incentive for threat actors (hackers) to go after even the “mom-and-pop” shops.
According to the IBM Cost of a Data Breach Report 2024, “A single breach can cost a small business around $200,000”, a sum that could cripple operations or force closure. While recent reports and trends show that small businesses are beginning to take cybersecurity more seriously, there is still a very real issue of treating cybersecurity as a “good thing to have” instead of a necessity for the longevity of a business.
In 2024, the US Chamber of Commerce reported “A majority (60%) of small businesses say cybersecurity threats, including phishing, malware, and ransomware, are a top concern.” It is encouraging to see that small businesses are beginning to see the reality of the cyber threats they are facing.
However, I speak with small business owners, and their reply is nearly always, “My business doesn’t need cybersecurity protection.”
Small businesses are the most common target of ransomware attacks by a large margin. In the Verizon 2024 Data Breach Investigations Report, Verizon showed that “82% of Ransomware Attacks Target Small Businesses with Fewer Than 1,000 Employees.” In the same report, in 2024, 36% of breaches were caused by phishing attacks.
In my personal experience, that number is probably a little bit low, especially concerning small business attacks. Egnyte via Keepnet Labs calculated that “Small Businesses Lose an Average of $8,500 Per Hour During Ransomware Downtime.”
While the costs to hire a 3rd party cybersecurity provider might seem like something that can’t fit into a budget, the cost of not protecting your business is even higher. Clutch has thousands of companies offering cybersecurity as a service, and as more cybersecurity professionals start their own cybersecurity firms to serve the local businesses in their area, the competition from smaller providers should continue to lower prices in the market while improving the services provided.
The Federal Communication Commission has published communications highlighting the importance of cybersecurity for small businesses and providing links to other resources to help small businesses with cybersecurity; these are a good place to start. However, with the severe consequences of a cyber attack, it’s vital to seek out experienced professionals who prioritize your business.
There is a trend of small businesses relying on their 3rd party IT provider for cybersecurity and Incident Response. Still, there should be a strong investigation into the IT provider's expertise, history, and experience in handling ransomware events and ensuring they are offering best-practice solutions and services.
Here is a somewhat similar comparison: just because a plumber can change the alternator on a car, you should rather find a certified mechanic to handle the car repairs. In the same way, IT and cybersecurity, while related, are such different areas covering a vast amount of information that it is worth finding a dedicated cybersecurity provider to protect your company.
The financial and reputational damage leading to 60% of small businesses closing within six months of a cyberattack underscores this urgency. The populace has been trained to understand the importance of insurance for business, auto, and life insurance; similarly, both active cybersecurity protection and cybersecurity should be a priority for every business.
Cyber attacks and cybersecurity aren’t going anywhere. Unless humanity goes back to the pre-computer age, cyber-attacks will continue to occur as they are easily achieved against unprotected targets. Just as bank and train robberies were popular in the Wild West, there is a large incentive for cybercrime, and since they are usually carried out from anonymous sources away from the reach of law enforcement, there is very little hindrance.
The best solution is to protect your business with dedicated experts who have put their lives into creating a company that can protect their neighbors' livelihoods and businesses.
