open sign in store window

There have been numerous reports of rising threats to small businesses at the hands of cybercriminals. It's a growing problem as small businesses struggle to protect themselves, mitigate breaches and, in some cases, remain functional.

Referring to the NIST Small Business Cybersecurity Act, which was signed into law in August, CloudNexus CEO Jay Rollins said, “Knowing that even the federal government is going to jump on board to assist small businesses has begun to underscore how vulnerable small businesses are today to attacks."

What the statistics show

Back in April, Nationwide commissioned Edelman Intelligence to conduct a 20-minute, online survey of 1,000 U.S. business owners. This survey found that only 9 percent of business owners admit their business was a cyberattack victim, but when given a list, 50 percent say their business has experienced at least one type of harmful cyber activity. Also troubling is that 64 percent do not have a dedicated employee or vendor in charge of detecting and combating cyberattacks. Clearly, this needs to change.

A report by FireEye and Marsh & McLennan Companies found that, on average, businesses take 146 days to detect a cyberattack. Think of the damage that can be done in that time.

Why small businesses are uniquely vulnerable

Small businesses are vulnerable because they simply don't have the resources that large corporations do. The big companies can afford the best protections and dedicated staff to ensure that systems and data are safe, but this can prove to be much more challenging for a small business — especially one struggling to keep the doors open.

Cybercriminals understand this and target small businesses as a result. It's often much easier for them to penetrate a small business's security or move on and find the next one with its guard down. As security solutions provider TrendMicro notes , "For many SMBs, watching the budget is necessary to keeping the lights on and ensuring the business lives to operate another day. This leaves very little room for other initiatives or unexpected costs. Unfortunately, this lack of funds shows often in the security solutions that SMBs implement. Some organizations have the basics while others don't have anything at all, relying on their size to avoid the attention of cybercriminals."

Scot Ganow, co-chairman of the Privacy and Data Security practice group at Taft Stettinius & Hollister LLP, thinks companies simply don't understand why cybercriminals target small businesses. "They mistakenly think they do not have the data the bad guys would want, are not big enough, or are not located in a big city where such hacks occur," he says. "A company’s size and location are often irrelevant to why an attack is launched."

What cybercriminals target within small businesses

Nationwide’s survey found that half (50 percent) say their business has experienced at least one type of harmful cyber activity: computer virus (27 percent); phishing (25 percent); Trojan horse (9 percent); ransomware (7 percent); hacking (6 percent); unauthorized access to customer information (6 percent); unauthorized access to business information (6 percent); issues due to unpatched software (6 percent); and data breach (6 percent).

A CloudNexus report indicates that the data at most risk within small businesses include: authentication data, personal health information, credit card information, proprietary data, social security numbers and financial transactions.

How to protect your small business from hackers

Regardless of how insignificant you think your company is to a criminal’s plans, you never know what kind of data they may be seeking from you or what they plan to do with it. But there are steps you can take to prepare against hackers, including:

  • Educating employees on the proper protocol when opening attachments or sending sensitive information
  • Performing background checks on employees to ensure that they do not have a cybercriminal history
  • Backing up data so that any lost information can be recovered
  • Ensuring your computers, servers, and other electronics are secure with the right firewalls and virus protection programs
  • Protecting your business with security solutions and cyber liability insurance


Nationwide commissioned Edelman Intelligence to conduct a 20-minute, online survey between April 9-20, 2018, among a sample of 1,000 U.S. business owners. Business owners are defined as having between 1-499 employees, being 18 years or older and self-reporting as either a sole or partial owner of their business. The margin of error for this sample was +/-3 percent at the 95 percent confidence level. As a member of CASRO in good standing, Edelman Intelligence conducts all research in accordance with Market Research Standards and Guidelines.

Small Business Icon
Learn more about Nationwide business insurance Talk to a specialist  

Nationwide is providing this information as part of its Business Solutions Center website content and e-newsletter. The information included on this e-newsletter and the Business Solutions Center website is designed for informational purposes only. It is not legal, tax, financial, or any other sort of advice; nor is it a substitute for such advice. The information may not apply to your specific situation. We have tried to make sure the information is accurate, but it could be outdated or even inaccurate, in parts. It is the reader's responsibility to comply with any applicable local, state, or federal regulations, and to make their own decisions about how to operate their business. Nationwide Mutual Insurance Company, its affiliates, and their employees make no warranties about the information, no guarantee of results, and assume no liability in connection with the information provided.