Axis_Blog_Why-cyber-criminals-target-small-and-medium-sized-businesses

The news is peppered with stories about cyberattacks on large corporations and even large municipalities like Atlanta. These stories make it clear that although the digital age has made it easier than ever to transact business, it also comes with a new set of threats that businesses should prepare for.

But what isn’t immediately apparent from these stories is the extent to which small and medium sized businesses in Canada are increasingly the target of these attacks.

Cyberattacks by the numbers

According to a report by Symantec, the United States currently holds the dubious distinction of being the country most affected by ransomware, but Canada is a close second.

Seventy-two percent of Canadian organizations that participated in a global ransomware survey reported being the victim of a cyberattack within the last year. Of those, 35% were identified as ransomware attacks.

An attack could mean the end of a business. With the average cost of a data breach for small business at $690,000 and mid-sized business at over $1 million, most companies don’t have the assets to remain solvent. That’s why 60% of small businesses that suffer a data breach fail within half a year.

Why small business?

The crime is the same no matter how big the business a cyber criminal targets. So why go after small and medium sized businesses? There are a few reasons.

  • It’s more difficult to get ransom from large companies. A common tactic for hackers is to steal a company’s data, then threaten to release it unless they’re paid a ransom. You can see how if a large company was threatened, they could potentially use their resources to try and get their data back from the criminals. But smaller businesses don’t typically have these resources at their disposal, leaving them with having to choose between suffering a privacy breach or a financial loss. Hackers know that the easiest option is often just to pay.
  • Small businesses are typically less prepared. Large companies might hire a cybersecurity consultant to asses their vulnerabilities, or have an in house cybersecurity team to get ahead of any potential threats. Not so with smaller companies. Without policies in place, small and medium sized businesses can easily underestimate the risks associated with accessing and handling their data, leaving them vulnerable. And considering that a majority of data breaches are a result of human error, it makes this vulnerability that much more tempting to criminals.
  • Data is valuable, no matter the size of the business. A company with even just a few thousand clients, or personal data records has valuable information that could be exploited.

But just because your company is vulnerable to cyberattack, doesn’t mean you’re helpless. There are a lot of things a small or medium sized business can do to protect itself, and cyber insurance is one of many risk management strategies a company can employ.