Small businesses have a lot to deal with, like growth, accurate accounting, and filing tax returns. Since most small businesses have relatively few employees, there’s often little bandwidth left to think about cybersecurity.
Yet this is precisely what cyber attackers are banking on.
One study found that up to 43% of SMBs have no cybersecurity defense plan, while 23% use no endpoint security. Meanwhile, a report by IBM and the Ponemon Institute found that cyber attacks cost SMBs, on average, $7.68 million per attack.
With small businesses representing soft targets for hackers, these cyber attack statistics show small business owners must understand the damage a cyber attack can have on business value and take appropriate remedial measures.
Common Cyber attacks Targeting Small Businesses
Before looking at how an attack can affect small business value, what specific cyber threats should small business owners consider?
According to Cisco, these are the top cyber threats:
- Malware: Malware describes any malicious software that blocks access to valuable data (ransomware), takes over computing resources (worms), secretly obtains and transmits confidential data (spyware), or renders computing resources unusable (viruses).
- Phishing: Phishing attacks send fraudulent communications that appear to come from a credible source like a supplier, co-worker, or customer. Their main objective is to obtain confidential information like passwords and install malware on the user’s computer.
- Man-in-the-middle: These attacks eavesdrop on two-party communications and transactions to filter and steal data. They often occur on unsecured public Wi-Fi networks.
- Denial of Service/ Distributed Denial of Service (DDoS): Attackers flood and overload a company’s servers, networks, and systems forcing them offline or malfunction, giving them server access.
- SQL injection: Attackers "inject" malicious code into an SQL server through a vulnerability on a website, tricking the server into revealing data that it typically would not.
- Zero-day exploit: After a vulnerability announcement, attackers exploit it before a patch is released or target networks late to install the patch.
- DNS tunneling: Although DNS tunneling is a routine function of networking, attackers can use it to disguise stolen data as outbound internet traffic or malicious commands as legitimate inbound traffic.
Effects of Cyber attacks on Small Business Value
The damaging effects of a cyber attack on small business value can quickly render it worthless to a potential buyer. It, therefore, pays to know how a cyber attack can damage your small business, even if you are not thinking of selling right away.
When a cyber attack occurs, the first impact is on productivity. Staff productivity grinds to a halt when critical IT infrastructure like servers, networks, and devices becomes inaccessible or unusable.
If a ransomware attack, loss of access to crucial data like customer information and supplier data means normal work process cannot proceed.
From an economic perspective, lost productivity is equivalent to potential lost earnings. As such, a small business would need to adjust its projections downwards to reflect the lost revenues.
Cyber attacks result in direct and indirect financial losses. In ransomware attacks, hackers demand payments to release company data, which can render a small business insolvent if paid and sufficiently high.
Indirect financial losses that accrue include lost productivity and the need to purchase new equipment if they are permanently damaged.
If a small business owner were planning to exit the business, such a disaster would significantly lower the company's value or make it unviable to sell, at least until the business recoups the losses.
No one wants to do business, let alone buy a company that was recently hacked. When a cyber attack occurs, it is assumed the business’s data is compromised and can potentially be used in a future attack.
Such an occurrence can permanently damage a small business’s reputation and undermine its value. In addition, the reputational damage can also result in the loss of key customer relationships, further damaging the business’s value.
As you can see, while the attack might not fundamentally damage the business’s operations, a loss of reputation can have a disproportionate effect on the overall business.
Small businesses operating in data-sensitive industries like finance and healthcare face legal liabilities like fines, loss of license, and other sanctions in the event of an attack. In some cases, litigation may arise from the breach of an SLA with a customer.
Small businesses contending with such legal hurdles often find it challenging to grow or attract new customers. Moreover, any fines paid or licenses lost can directly impact the company’s value, undercutting years of hard work invested in getting it to its now-former state.
Business Continuity Challenges
Although the factors above weaken a small business, a cyber attack can also pose an existential threat. If a small business loses mission-critical data, it might lose the ability to continue servicing existing contracts.
In other instances, attackers might defraud the company a large sum of money, resulting in a significant financial hit that puts it permanently out of business.
Even in cases where a business survives, it might limp on for years, unable to fully recover and regain its former sellable valuation.
How Small Businesses Can Prevent and Survive Cyber attacks
Although there is a whole litany of measures a small business can take to protect itself, here are a handful of quick actions to get the cybersecurity ball rolling:
- Acknowledge that cyber attacks are imminent.
- Train staff on simple cybersecurity measures like setting strong passwords and not using unsecured public Wi-Fi.
- Create a simple cybersecurity policy covering IT, governance, and people cybersecurity measures.
- Continually update software, including firmware, apps, and device operating systems.
- Have a disaster management plan (DMP) in place that covers areas like cloud backups, cybersecurity insurance, and how to survive an attack.
Small business owners spend decades building the value of their businesses. Yet, one cyber attack can significantly markdown this value to the point of rendering it unsellable.
Taking simple steps to protect your business can help establish resilience to thwart cyber attacks while at the same time building and preserving long-term business value in readiness for a future exit.
Related Article: Five Ways Cybersecurity Generates Business Value
About the author: Ashley Lukehart has been writing about the impact of technology and IT security on businesses since starting Parachute in 2005. Her goal has always been to provide factual information and an experienced viewpoint so that business leaders are empowered to make the right IT decisions for their organizations. By offering both the upsides and downsides to every IT solution and consideration, expectations are managed and the transparency yields better results.