1. Home
  2. /
  3. Cyber insurance
  4. /
  5. Why Are Small Businesses...

Why Are Small Businesses Targeted By Cyber-Criminals?

Mar 20, 2023

We recently discussed the top industries and companies at risk of cyber-attacks. Cyber-criminals do seem to focus on certain sectors, including education, energy, financial, and healthcare. But regardless of the industry, above all cyber-criminals tend to target small businesses over large businesses.

In this post we’ll explore why small businesses are particularly vulnerable to cyber-crime and discuss some steps you can take to protect your business.

Want to discuss your cyber security risks? We have a team of experts on hand to help. Call us on 0208 290 9080 or email us at cyber@anthonyjones.com.

Cyber Crime Risks For Small Businesses

Figures from a cloud security company suggest that cyber-criminals are three times more likely to target small businesses over large businesses. They analysed millions of emails from thousands of companies and found that employees of smaller businesses will experience 350% more social engineering attacks than employees of larger enterprises.

In 2022, BIBA estimated that 96% of all cyber-attacks are directed at SMEs.

So cybercrime could be the biggest risk that SMEs face in 2023. Cyber-criminals won’t overlook your business because you’re new, or because you only have a handful of employees, or because you have a smaller turnover than other businesses. Indeed, these might be the very factors that encourage cyber criminals to target you in the first place!

Why Do Cyber-Criminals Target Small Businesses?

Small businesses:

  • May underestimate the value of their data, so may not take necessary steps to protect it.
  • Do not have the resources to properly train staff to understand the risks of cybercrime.
  • Are unlikely to have cyber breach response policies and procedures in place, so in the event of a ransomware attack, they may have no choice but to pay.

Also, some small businesses use IT systems that are linked to larger partner businesses. So cyber criminals may target small businesses as an entry point to a larger business’s network.

Why Do Cyber-Criminals Avoid Large Businesses?

Large businesses have dedicated cyber security teams and highly secure systems. They have the resources to train their staff to understand the risks of cyber-crime, and they have cyber breach response policies and procedures. This means that, in the event of a cyber-attack, they’ll respond quickly and effectively.

So for cyber-criminals, large businesses are tough nuts to crack. Very few of them have the skills or the patience to even attempt a breach. But with small businesses, it’s a completely different story.

How to Protect Your Business Against Cyber-Attacks

We have a complete guide to the different types of cyber-attacks which contains tips on how to respond to each risk.

Small businesses seem particularly vulnerable to ransomware attacks. This is where a cyber-criminal encrypts your data and demands an excessive fee – a ransom payment – to decrypt it. Fail to pay, and they’ll either delete your data entirely, or worse, they’ll sell it to other cyber criminals.

Ransomware attacks often start life as phishing attacks. Criminals send an employee an email claiming to be from a manager, another member of staff, a supplier, or an official body, such as a bank. This email will seem legitimate. It will either request the employee to send sensitive information, including passwords and bank details, or else click a link. Clicking this link will install malware on the employee’s computer, which could make the whole network vulnerable to future cyber-attacks.

So understanding the risks of cybercrime is your first line of defence on protecting your business from cyber-attacks. Take the time to learn about common cyber-criminal tactics and invest in specialist training for your staff.

Be as vigilant as possible and take care about how you store your data. For example, never take sensitive data out of the office. And if you must do so, make sure it’s on a device with password protection, and never leave any company devices unattended in a public place.

Keep You and Your Business Safe From Cybercrime

Vigilance and common sense can help protect your business from cyber-attacks. But how you respond to any cyber breaches is just as important. You need dedicated cyber breach response policies and procedures. That way, if you ever do fall victim to a cyber-attack, you won’t feel like you have no choice but to pay.

In the event of a data breach, cyber insurance will cover your business’s liability as well as your ability to manage the impact on both your systems and finances.

If you have any questions about business insurance, or if you want to discuss whether cyber insurance is right for you, we have a team of experts ready to help. Call us on 0208 290 9080 or email us at cyber@anthonyjones.com.

Get a Quote

You can call us during normal office hours, Monday to Friday, 9am to 5pm. Outside of office hours you can either email us or leave an answerphone message and we promise to get back to you the next working day.

General enquiries:
020 8290 4560

Sign up for news

* indicates required