Cyber Attacks on Small Business Equal Big Money for Cybercriminals

By David Hansen, CPA, CISSP, QSA, CISA on November 16, 2022
Back to main Blog
David Hansen, CPA, CISSP, QSA, CISA

Director | Risk Advisory Services


Cyberattacks are expensive business

Small and medium size businesses (SMBs) continue to face a growing threat from cyberattacks. With few resources and a lack of appropriate security, SMBs are left more vulnerable and made easy targets for hackers. By some estimations, small businesses are three times more likely to be targeted by criminals than larger companies.

As threats become more sophisticated and the consequences more dire, an investment in establishing a resilient cybersecurity environment far outweighs recovery expenses. MAXIS® by Freed Maxick helps SMB owners and leaders prevent and protect their digital ecosystems from costly data breaches.

What’s at Risk: Small Business Cyber Attack Statistics

In a 2022 NetDiligence® Cyber Claims Study, which analyzed 7,500 cyber claims for incidents occurring during the five-year period 2017–2021, the average cost of a ransomware incident that includes business interruption and recovery costs is $623K for SMBs. The report states that in this period, 98% of cyber insurance claims came from SMBs. And the Small Business Administration (SBA) reports that, “small businesses are the target of 43% of all data breaches.” The SBA also reports that “60% of small businesses go out of business within 6 months after a significant cyber attack.”

Partners in Crime: Cyber Attack Prevention

Theoretically, cyber responsibility is everyone’s job. But without protocols, employee and third-party partners (i.e. vendors, suppliers) are catalysts for easy entry and present significant liabilities.

  • Human error is the number one point of entry. In its 2022 Data Breach Investigations Report (DBIR), Verizon shows that 82%, or eight in 10, data breaches involved human-related vulnerabilities.

  • Whether enabling unsecured WiFi or downloading a game, employees (or their kids) can unknowingly provide an opportunity for access to a corporate network through mobile phones.

  • More complex attacks happen when a third-party’s technology (i.e. payroll, banking, ordering) provides digital access. Accenture reports that supply chain breaches increased from 44% in 2020 to 61% in 2021.

  • In 2021, business email compromise (BEC), the exploitation of (employee, vendor, customer) email, was “one of the most widely reported cyber security issues,” according to the FBI. The agency calls BEC, “… one of the most financially damaging online crimes.”

Once criminals locate vulnerabilities, most need only 5 hours — or less — to break into an organization.

Teams, Tools, and Tech: Cybersecurity Planning

As the cost of timely recovery and the threat of demise present real challenges, the case for vigilance in planning and preparing becomes stronger.

The MAXIS outsourced accounting team develops processes and execution with controls and protocols in mind, which in turn enhances security for clients (especially those clients on Netsuite with additional Oracle cloud security protocols). Custom plans mitigate risk, safeguard assets, and ensure continuity of operations. We work alongside the Freed Maxick Cybersecurity team to assess, implement, and monitor secure systems and processes for effective prevention and the protection of individuals and businesses.

As the NetDiligence report states: “Organizations with a robust and tested cyber resiliency plan will potentially mitigate the risk of longer interruptions and high recovery costs, reducing the overall impact to the business. The idea is not only to recover, but to recover expeditiously – which can only be accomplished with a proper cyber resiliency and crisis management plan.”

As we continue to become dependent on technology for connectivity, productivity, and profitability, it is imperative that SMBs strengthen their security and build cyber resilience.

Proactive cybersecurity planning and preparation can help protect organizations from small business cyberattacks, business interruption, and costly recovery. To learn more about how MAXIS can help, contact Alexis Becker for a complimentary consultation at Or reach out to Dave Hansen to talk about risk management at

New call-to-action

Stay up to date