Cyber-attacks Cost Small US Businesses $25k Annually

Cyber-attacks are leaving small businesses in the United States with big dents in their annual budgets, according to new research by international insurance company Hiscox.

Data analyzed in the creation of the "Hiscox Cyber Readiness Report 2021" revealed that the average financial cost of a cyber-attack to a small business in the US over 12 months is "high at $25,612."

The annual report, which was first published five years ago, surveys over 6,000 professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain, and Ireland who are responsible for their company’s cybersecurity. 

Respondents completed the online survey between November 5, 2020, and January 8, 2021.

Responses revealed that 23% of small businesses in the United States had suffered at least one cyber-attack during the past 12 months.

More than a third of US small businesses (35%) said that they do not fully disclose to all relevant internal and external stakeholders when a cybersecurity incident happens.

Other key findings of the report were that for small businesses, the most critical priority over the next 12 months is complying with the security requirements of their business partners (20%), over their own existing threats and vulnerabilities (18%). 

Many US small businesses (39%) said that they expect their security spending to increase over the next 12 months. Fewer than half (49%) reported having a cyber-insurance policy. 

Researchers found that the pandemic had created what they described as "cyber-stress" for small businesses in America.

With 63% of the small business workforce now toiling remotely, more than half (53%) of US small businesses perceive themselves to be more vulnerable to cyber-attacks.

“Small business can mean big business for cyber-criminals," said Meghan Hannes, cyber-product head for Hiscox USA.

"We know the financial impacts of cyber-attacks can be substantial, and small businesses are increasingly feeling ‘cyber stress.’ The good news is, there are measures businesses can take to help mitigate the risk.”

Hiscox advises businesses to have a formal budgeting process in place and ensure cybersecurity is considered and prioritized in decision-making as a preventative step against cyber-attacks.

What’s Hot on Infosecurity Magazine?