A West Coast real estate developer, a New England confectionery and an East Coast construction firm all have something in common: They each lost as much as $1 million to cybercriminals who employed an arsenal of sophisticated weapons. As hackers recognize that good things come in small packages, and as large enterprises improve their information security, these thieves are increasingly targeting small- and medium-sized businesses (SMB). Limited resources, budgets and staffing make these businesses easy targets for cybercriminals, who also manage to find their way around security roadblocks, requiring every business to constantly be alert. SMBs face life-threatening reputational, financial and operational risks should a breach occur, now is a crucial time for them to concentrate on creating an effective cybersecurity strategy that maximizes their protection and minimizes their risk. Consider these alarming statistics:
  • Forty-three percent of cyberattacks target small businesses;
  • Only 14% of small businesses consider their cyber defenses to be highly effective;
  • The average SMB data breach costs $86,500 in recovery costs; and
  • Sixty percent of small companies fail within six months of a breach.
Related: Accenture: Cybercrime to cost U.S. companies $5.2 trillion by 2024

The real impact of data thefts

Several different scenarios can open the door to data theft. Its impact usually extends well beyond the business itself to customers, partners and others. For SMBs, the top security concerns are:

In the case of the real estate developer, for example, a hacked email account between him and his bookkeeper triggered that theft. At the confectionery, a data breach led to stolen customer information. At the construction firm, malware installed on the company's system led to online cash transfers from its bank accounts to the crooks. So, how can SMBs defend themselves against what information security experts consider the increasingly inevitable cybertheft? While no one magic bullet exists, SMBs can take these six steps to become more security-conscious and prepared. Related: How to underwrite 2019's emerging cyber risks Michael Fitzgibbon is vice president of Insurance Services and chief underwriting officer of Slice Insurance Technologies Inc., a New York City-based InsurTech company that provides on-demand insurance and technology. He can be reached at [email protected]. These opinions are the author's own.

Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader

Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:

  • Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
  • Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
  • Educational webcasts, white papers, and ebooks from industry thought leaders
  • Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
NOT FOR REPRINT

© 2025 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.

Agency Management
Agency Technology
Commercial Lines
Coverage & Policy Issues
E&S/Specialty Lines
Personal Lines
Catastrophe & Restoration
Education & Training
Commercial Lines
E&S/Specialty
Personal Lines
Reinsurance
Workers' Comp
Corporate Risk
Cybersecurity
Emerging Risk
Loss Control
Public Sector Risk
Analytics & Data
Technology Implementation
Technology Solutions