Concerned About Cyberattacks? The Threat Is Real

According to a 2024 survey, 60% of small businesses believe that cyberattacks are the biggest threat they currently face — and rightly so.1



When a data breach occurs, hackers gain access to the personally identifiable information of customers or other individuals, opening the door for identity theft and other financial crimes. Even small companies can be held legally responsible when their customers’ personally identifiable information is disclosed. Moreover, the time and expense involved in recovering from any type of cyberattack could be insurmountable.

Does your company handle potentially sensitive information about customers, employees, or competitors? If so, you may want to be proactive about addressing this risk.

Methods of attack

Phishing often involves emails sent to employees. Clicking on a link provides access to the company’s network, allowing the installation of malicious code (malware) designed to steal or hijack critical data.

A watering hole attack targets individuals or organizations by infecting websites that they frequently visit with malware.

Ransomware is a menacing virus that locks businesses out of their computer files and demands payment of a ransom in exchange for the return of company systems and data. Ransomware payments reached a record high of $1.1 billion in 2023, up from $567 million in 2022.2


Three out of four small businesses say they are prepared
for cybersecurity threats…


Small businesses cyber security threat preparedness: 23% say they are very prepared. 50% say they are somewhat prepared. 27% say they are not prepared. 48% trained their staff in cybersecurity. 52% did not.


…But less than half of small businesses trained staff
on cybersecurity measures in the past year



Source: U.S. Chamber of Commerce, 2024


Fortify your defenses

The Federal Communications Commission has some cybersecurity tips for small businesses.

  • Install and update antivirus software on every computer, and maintain firewalls between the internal network and the Internet.
  • If you have a Wi-Fi network, set it up so the network name is hidden and a secure password is required for access. Require passwords to be changed on a regular basis.
  • Train employees in security practices, especially not to open emails from unknown senders. Set up a separate account for each user, and provide access only to the data needed for users to perform their jobs. Back up critical data regularly and delete data when it’s no longer needed.
  • Lock up computers, laptops, and tablets to prevent them from falling into the wrong hands.
  • Consider purchasing cyber insurance, which may offer some protection (up to policy limits) from the financial risks associated with cyberattacks. Specifically, cyber insurance may help cover the cost of restoring or reconstructing lost or stolen data; losses stemming from a data breach, security failure, or ransom demand; and in some cases, lost income due to business interruption.

The cost of cyber insurance depends on the types of coverage selected, and policies have exclusions, terms, and conditions for keeping them in force.