Data breaches prove costly for small businesses As cybersecurity becomes more widely understood, there is a growing awareness that this is an issue which small business leaders cannot afford to ignore. While hackers focused their efforts predominantly on larger enterprises in the past, today these cybercriminals are increasingly turning their attention to a broader range of targets, putting more emphasis on opportunity than potential value.

A small business may not house the same degree of sensitive data as a large enterprise, but those assets are still incredibly valuable and are often much easier for cyberattackers to obtain.

Its not just the likelihood of attacks that should persuade small business leaders to take cybersecurity more seriously – it’s also the cost. As a recent study from Kaspersky made clear, small businesses face tens of thousands of dollars in costs in the wake of data breaches. In light of this, it’s easy to see that high-quality security awareness and broader cybersecurity resources should be seen as both a wise investment and a top-level priority for small businesses in every sector.

“SMBs spent $38,000 directly on security breach recoveries.”

Costly breaches

The study included participation from more than 5,000 companies of all sizes, based around the world. Among other information, the study identified the costs associated with data breaches for organizations of differing sizes. Among small to medium-sized businesses, the average money spent directly on recovering from a security breach was approximately $38,000. Along with this, SMBs spent about $8,000 in indirect costs.

Unsurprisingly, enterprises tended to see greater costs in the wake of these breaches than SMBs – $551,000 in direct costs and $69,000 in indirect expenditures. However, it is very possible that the damage inflicted on SMBs will be more serious and long-lasting. After all, these smaller firms are already much more prone to failure, and they lack the deep resources that enterprises can call upon in the wake of a data breach in order to recover as quickly and smoothly as possible.


There are a number of factors which are making it difficult for SMB leaders to effectively address their cybersecurity vulnerabilities. Among the most potent of these is the simple fact that these decision-makers do not fully or accurately understand the degree of danger that they face.

Speaking to Small Business Computing, Andrey Pozhogin, senior product marketing manager at Kaspersky Lab North America, emphasized that SMB leaders tend to recognize that these threats are real, yet they do not realize how much danger their own organizations face.

“Although [small business] awareness around security is up, it’s not affecting their security strategies,” Pozhogin told the source.

This state of affairs makes it even more important for SMB leaders to acknowledge the threats they face and, critically, embrace action that can effectively decrease their risk levels. He added that when it comes to SMBs, cybersecurity decisions almost inevitably fall to the owner. SMB owners have to juggle so many business-related responsibilities, though, that it is very easy for data security concerns to fall by the wayside, or at least not receive the level of attention that they deserve. An enterprise, by contrast, will have a separate IT team, and quite possibly personnel dedicated specifically to cybersecurity matters.

Arguably the single most important step that such firms can take in this regard is to invest in information security awareness training for employees. With training and education, SMB workers can learn to recognize and understand the threats their organizations face, as well as how best practices can cut down on this risk. By improving employee behavior, SMBs can significantly cut down on the risk they face from an increasingly dangerous digital landscape.