Small Businesses Are Being Targeted by Cyber Attackers Much Like Large Businesses — But at a Greater Cost

Small business cyber attacks are happening just as frequently as targeted attacks on big businesses, but the cost is much steeper.
By: | June 21, 2019

We hear plenty about cyber attacks targeting big businesses. In 2019 alone, 540 million Facebook records were exposed; a Toyota data breach exposed the personal information of 3.1 million customers; and the information for almost 12 million Quest Diagnostics patients became compromised.

But the Wall Street Journal reported that plenty of small businesses are getting hurt by cyber attacks, too.

While these attacks don’t make the same splashy headlines, the steep fines and large penalties that come with them are devastating.

Death of a Startup

The WSJ highlighted the story of Jessie Daniels and Polly Thistlethwaite, who started Innovative Higher Ed Consulting in New York in mid-2018.

Their goal was to “teach academics how to get more attention for their research.”

The journal reported: “In January, cyber thieves ran roughly 100,000 stolen card numbers through the payment system of Innovative Higher Ed Consulting Inc., a two-person startup in New York. Soon after, Bank of America Merchant Services, the startup’s payment processor, sent a $27,000 bill for reversing the charges.”

By May 2019, Innovative Higher Ed Consulting was closed due to the attacks. It’s a fascinating cautionary tale definitely worth the read.

By the Numbers

  • 67%. The number of small- and medium-size businesses reporting a cyber attack in a 2018 Ponemon Institute survey — up from 55% in 2016.
  • 43%. The amount of small businesses suffering data breaches in a recent Verizon report.


“It’s not unusual to hear that a small business in the formative stage has a relatively significant exposure. We have seen this time and time again.” — Larry Ponemon, founder and chairman, Ponemon Institute


“We don’t want very high velocity filters, because if we do that we would minimize the amount of commerce a business can do.” — Larry Brennan, a cyber security executive with Bank of America Merchant Services

Further Reading

There is plenty of material discussing how cyber attacks hurt small businesses.

In November, 2018, the WSJ interviewed two academics — Loren F. Selznick, associate professor of business law, and Carolyn LaMacchia, associate professor of information and technology management — who argued that small companies “are covered by the same cyber security laws as big companies, but they don’t have the same resources to manage security and can’t afford big fines or payouts in lawsuits. So, the researchers argue, lawmakers should find a way to protect smaller companies from devastating penalties.”

Ivy Walker, a risk management and compliance expert for small and medium-sized businesses, wrote in Forbes that “most small business owners aren’t prepared to prevent, detect or respond to a cyber attack” and highlighted three steps business owners can take: (1) Assume you’re a target; (2) train employees; and (3) find a tech expert to conduct a risk assessment and identify cyber threats.

Cybersecurity Ventures predicts that cyber crime will cost the world $6 trillion annually by 2021 which “represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.”

Small Business Trends detailed the seven types of cyber attacks most threatening to a small business right now&

Jared Shelly is a journalist based in Philadelphia. He can be reached at [email protected].

More from Risk & Insurance

More from Risk & Insurance