Reports Show an Increase in Cyberattacks on Small and Medium-Sized Businesses

Michele Epstein

VP, Professional & Management Liability

May 28, 2021

While most of today’s media focus primarily on larger cyberattacks, new reports show that small and medium-sized businesses (SMBs) are more at risk from an attack compared with their corporate counterparts. In fact, the cloud security company CD Networks reports that cyber experts believe as many as 60% of SMBs will be forced to close their doors within six months of experiencing an attack.

Why SMBs?
The main reason behind the majority of SMB cybersecurity failures is that most companies struggle to secure robust and mature security protocols that are similar in scope and protection to what larger-sector enterprises use to prevent cyberattacks. According to a 2021 report by USTelecom, 45% of SMBs surveyed said they experienced a cyberattack in the past year. Of the SMBs impacted by an attack:

  • 59% said productivity came to a halt
  • 46% said they lost customers
  • 5 months was the average amount of time it took to fully recover
  • $170,000 was the average cost to resolve the issue

Lobbyists Rally for SMB-Specific Cybersecurity Federal Policies
Recognizing the siege SMBs are under, cybersecurity advocates have been key lobbyists for convincing the Biden administration to adopt small business-specific cybersecurity federal policies. In a recent white paper from the Cyber Readiness Institute (CRI), the organization proposed a five-pronged approach to persuade the Biden administration to increase small-business cybersecurity.

According to advocates, SMB cybersecurity should be addressed separately from that of large corporations because of the unique challenges SMBs face — primarily the inability to scale. The CRI notes that without the dedicated resources to address cybersecurity issues head-on, SMBs remain less equipped to understand where potential gaps in coverage exist or what federal resources may be available.

Currently, the CRI is pushing for greater investment in federal educational outreach toward SMBs that includes tax incentives to encourage investing in cybersecurity, for the Cybersecurity and Infrastructure Security Agency to inventory and index SMB-specific cybersecurity resources in a single location, and for public and private coordination to focus more on SMB-specific standards. And while the CRI lobbies for changes that will prove the most beneficial, its main proposal on the table is to have the federal government expand its CyberCorps Scholarship for Service program to include SMBs and federal agencies.

Your SMB clients don’t have to just sit and wait for a cyberattack to happen. They also don’t have to invest heavily in cybersecurity technology to get the protection they need. Most experts will agree that the simple process of applying basic best practices to prevent a breach can go a long way in deterring hackers. And if an attack happens, risks can be better mitigated with the right cyber liability insurance policy.

Our cyber liability experts have an in-depth understanding of markets that are best suited for specific classes of business and industry. From large to small operations, we can help you tailor a policy that addresses your clients’ individual cyber liability coverage needs.

Contact: Michele Epstein – VP, Professional & Management Liability
(818) 578-4042 or

Additional sources: SC Magazine and

Looking for a specific solution?