There are some sobering statistics on the impact of an attack. US small businesses paid over $16,000 in ransoms last year, according to the Hiscox Cyber Readiness 2023 report. “Ransomware is costing small businesses in a big way,” says Christopher Hojnowski, VP and product head of technology and cyber at Hiscox insurers, who works with over 600,000 small businesses across the US.

Only half of surveyed businesses that paid a ransom ended up getting their data back, while half had to rebuild systems. In addition, a staggering 27% were attacked again, and another 27% were asked for more money, the survey found. “It’s certainly not recommended to pay the ransom,” says Hojnowski.

3. Viewing cybersecurity as just a technology problem

Cybersecurity can’t be addressed with technology alone and in many ways it’s a human problem, according to Sage. “Technology enables attacks, technology facilitates preventing attacks, technology helps with cleaning up after an attack, but that technology requires a knowledgeable human to be effective, at least for now,” they say.

This also feeds into other problems, which are a lack of budget and no dedicated responsibility for cybersecurity. “These are significant challenges for SMBs, leaving them without guidance on compliance frameworks and a clear direction, and reliant on providers for support,” says Iqbal.