Cybersecurity for Small and Medium-Sized Businesses: What You Need to Know


Most of the cybersecurity incidents that we hear about are inflicted on large corporations. The high profile of these organizations makes for sensational headlines. However, cybercriminals also target small and medium-sized businesses (SMBs). The payout from an SMB may be smaller than that from a large company, but that makes SMBs no less attractive as a target for criminals. Preventing cyberattacks and other cybersecurity incidents is not a simple task, but, when armed with the right information, it is entirely possible for SMBs to stay protected.

Why Cybercriminals Attack SMBs

There are a number of reasons that bad actors might choose to target an SMB instead of—or as well as—a larger corporation. According to one study, more than a quarter of SMBs cited a lack of resources (28%) and in-house expertise and understanding (27%) as major hurdles to establishing a solid cybersecurity strategy. Other obstacles experienced by SMBs are a lack of information (14%), a lack of time (14%), and a lack of training (9%). In short, it is quite common for SMBs to be particularly vulnerable to cyberattacks due to difficult circumstances preventing good cybersecurity policies and measures.

Many cybercriminals target SMBs because they are often left unprotected due to the cost or complexity of security solutions and practices. While it can be easy for a small business owner to feel daunted by the task of protecting their enterprise against cyberattacks, it is far more difficult and costly to remediate an attack than it is to prevent one. Far from an afterthought, cybersecurity is an absolutely vital part of running a business if that business handles or stores any amount of enterprise, employee, or customer data—and you would be hard-pressed to find a business that doesn’t.

The Cost of a Cyberattack

As pointed out in VIPRE Security Group’s Data Breach Kit, “Small businesses are the most vulnerable to the effects of a data breach – especially the financial ones.” The average cyberattack against an SMB costs upwards of $25,000 USD. This may be a low figure for larger corporations, but it can be enough to bankrupt a small business. The financial cost is also only the beginning: businesses must account for the effect an attack has on employees, customers, and partners, the time and effort that goes into rebuilding trust, and potential fees or even legal consequences for noncompliance with certain regulatory mandates.

An SMB may find itself the victim of a cyberattack even if security measures and practices are in place, as there is no foolproof way to prevent all attacks and breaches all of the time. However, the less prepared a business is for a potential attack, the more capacity that attack has to harm the business. Having some measures in place is better than having none, as it may allow for faster remediation, lower overall costs, and fewer attacks, even if it does not stop them altogether. The cost of going unprotected is far worse than the investment in essential security.

SMB Security Best Practices

While small business owners may be understandably intimidated by the task of protecting their organizations against cyberattacks, there are plenty of measures that are simple to implement and enforce. It is important (and relatively inexpensive) to ensure that all relevant software is up to date and reliable, data is stored and backed up securely, enterprise devices are password protected and kept in a secure location, and staff members are trained in maintaining these policies. Securing routers, encrypting devices, and using multi-factor authentication are additional crucial steps to protecting an SMB against any potential bad actors.

There are also resources designed to help SMBs develop, establish, and maintain these practices. The National Institute of Standards and Technology (NIST) Cybersecurity Framework is based on popular industry standards and practices and aims to help businesses through the process of identifying sensitive and critical assets; establishing protective measures and policies; implementing tools and solutions for the detection of security incidents; developing, testing, and updating response plans; and recovering from a potential attack. Resources like this can be of great help to small business owners looking for some additional guidance about how to secure their company.


Many SMBs are inadequately protected against cyberattacks, either because they lack the proper expertise or assets to implement security measures, or because they choose not to prioritize cybersecurity. SMBs face unique challenges and hurdles to cybersecurity due to their size and lack of resources, but it is vital for small business owners to overcome these hurdles and protect their enterprises against attacks. The cost of remediating a single cyberattack can be enough to topple a small business. Deploying security measures and establishing a solid security strategy is of extreme importance to SMBs, and resources are available to aid in the process and fill in the gaps where an organization’s resources fall short.
