Too Small to Be Hacked? Think Again!

In our discussions with business owners we often run across this common misperception: “We’re too small to be hacked. Ransomware attacks go after the places with big money.”

That’s simply incorrect. Ransomware actors, like most thieves, go after the easiest targets. Small businesses often don’t have the time or budget to spend on cybersecurity as larger organizations, making them riper pickings for hackers. And here in the latter half of the year, attacks have noticeably shifted away from larger entities that might draw a political or law enforcement response at the national level.

For those reasons and more, that “we’re too small” perception has become even less true in 2021, as ransomware actors have shifted more to ‘mid-game hunting.’ The interesting (and disturbing) result is that while there have been fewer large ransom payments, hackers have made up the difference with an increased number of attacks on small to midsize organizations.

From Q2 to Q3 2021, the average ransom payment remained unchanged at nearly $140,000. That fails to take into account associated costs like business interruption, liability, reputational damage and all the other facets of recovering from ransomware.

What did change is the size of the firms on the receiving end of those payment demands: In Q3, roughly 44% of attacks were sustained by organizations with 101 to 1,000 employees, and nearly 35% by those with 11 to 100 employees … the very companies who thought they were “too small to be hacked.”

If you do sustain an attack, most experts agree that paying the ransom is probably not the best option, though in some cases there may not be another viable choice. While paying up will usually get your data unlocked, there’s no guarantee that copies of your vital information aren’t already in other, unsavory hands.

As always, the best solution to a ransomware attack is not to have one in the first place. See that proper cybersecurity measures are in place, employees are regularly trained to spot phishing attempts, and that – if the worst should happen – you’re insured in a way that will allow you to recover and continue doing business. Lightning really does strike, and more and more frequently it strikes businesses that used to fly below the radar. Contact Consolidated for a Cyber Insurance quote.