How Data Breaches Affect Small Businesses

While hacking-related data breaches and subsequent ransom demands to large corporations like HBO, Target, and Home Depot understandably garner widespread attention, the resulting assumption that only large companies face this growing digital threat couldn’t be further from the truth. In fact, a study in 2016 found that 43% of all cyber attacks targeted small businesses. Even more alarming is that a staggering 60% of small businesses hit with a cyber attack or data breach go out of business within 6 months. Let’s take a look at specifically how this increasing threat affects small businesses.

One of the biggest problems with determining the true impact of a data breach is that a significant portion of the financial costs are hidden. In reality, the direct damages as a result of an attack are almost always less than the hidden damages. The trusted professional services consultancy Deloitte recently determined that up to 90% of a cyber attacks total costs were hidden in an analysis titled “Beneath the Surface of a Cyberattack.” These “hidden” costs, they claim, can accumulate for years after an attack or breach and often include hard-to-measure effects like brand and reputational damage, decreased confidence in the victimized company’s ability to competently deliver its offering, or increased costs associated with debt financing. As a result, Deloitte claims that currently accepted financial estimates surrounding cyber attacks and data breaches are greatly undervalued.

Example Data Breach Costs

The following industry-specific examples are based on claims data collected by the data breach insurance carrier RGS Limited and a 2016 small and medium-sized company data breach report published by the state of California.

  • Dental Practice
    Patient records were stolen resulting in a total breach response cost of $33,000 including notifying each affected patient.
  • Restaurant
    A breach of payment card information resulted in $24,000 of audit expenses and an additional $75,000 in fines and penalties from the credit card companies.
  • Travel Agency
    A breach of private customer information ended up costing $27,000 in forensic audits, fines, and various legal expenses.
  • Retail Store
    An undisclosed data breach resulted in a $39,000 fine after a $10,000 forensic audit exposed the cyber attack.
  • Bowling Alley
    A breach involving payment card information and personally identifiable customer details triggered a $60,000 fine from the credit card companies whose information was exposed.

On average, a small business data breach involves 9,850 records costing $51,000 in damages. Obtaining data breach insurance to cover these “above the surface” costs is always smart and a great first line of defense. In fact, most cyber liability and data breach insurance policies, including one with $100,000 in protection that we sell for just $250 per year, will pay for fines, forensic audits, notification costs, and legal costs.

But how do companies deal with the “below the surface” hidden costs that Deloitte estimates to be far more significant? Experts provide several recommendations for ensuring that the financial impacts associated with a cyber breach are minimized.

Develop a Robust Password Policy

Employees are notorious for using weak or common passwords that are easy for thieves to hack. Educate your entire team on the importance of strong and regularly updated passwords. When possible, enable settings that force strong passwords by requiring a combination of upper and lowercase letters, numbers, and special characters. For even greater security, employ two-factor authentication in addition to your robust password policy.

Deploy a Firewall

Setting up a firewall is like surrounding your company network with layers of walls and checkpoints. They manage access to all incoming and outgoing data through fully customizable rule sets and logging. Don’t be intimidated by how expensive or difficult they might sound; there are many affordable firewalls and the Internet is full of tutorials that can walk even the most tech-inept business owner through the process of getting one setup.

Protect Company Email

Email is one of the most common ways for hackers to gain access to a company’s data. We’ve all received emails that sound too good to be true or asking us to click an unfamiliar link. Always run your business email through a reputable email provider like Google’s G Suite or Microsoft’s Office 365. When properly configured, these email providers are capable of identifying and filtering out nearly all phishing attempts. If you use an email client in addition to webmail, always keep the email client up to date. Finally, ensure each employee has adequate antivirus and malware prevention software installed and regularly updated.


Unfortunately, cyber attacks and data breaches are a real and costly threat that every small business owner must accept. And while cyber liability and data breach insurance is a protection that companies of all sizes need to have in place, it isn’t designed to be the only safeguard. But when you combine a sound insurance policy with defensive measures like the ones listed above, you’ll be well-equipped to respond and overcome what 43% of all small business owners experience each and every year.