The Average Annual Cost of Cyber Attacks for a US Small Business is $25k, Reveals Hiscox Cyber Readiness Report 2021

New York, NY – May 13, 2021 – Hiscox, the international specialist insurer, reveals that in the past 12 months, 23% of small businesses suffered at least one cyber attack, with an average annual financial cost of $25k. Although small businesses quickly adapted to remote working, the shift has left many feeling more vulnerable to cyber attacks.

The Hiscox Cyber Readiness Report 2021 gauges businesses’ preparedness to combat cyber incidents and breaches. Now in its fifth year, the study surveys over 6,000 professionals from the US, UK, Belgium, France, Germany, the Netherlands, Spain and Ireland who are responsible for their company’s cyber security.

Key findings specific to the 590 US small businesses surveyed (under 250 employees) include:

  • Small business doesn’t mean small costs: the average financial cost of cyber attacks to a US small business over 12 months is high at $25,612.
  • The pandemic creates ‘cyber-stress’ for small businesses: With 63% of the small business workforce now working remotely, over half (53%) of US small businesses believe they are more vulnerable to cyber attacks. Securing the company servers, the most common point of entry for cyber criminals, is a critical step to minimizing vulnerabilities.
  • Priorities are mismatched when it comes to partners: For small businesses, the most critical priority over the next 12 months is complying with security requirements of their business partners (20%), over their own existing threats and vulnerabilities (18%). However, over one in three US small businesses (35%) do not fully disclose to all relevant internal and external stakeholders when a cybersecurity incident has occurred.
  • Cyber protection is set to grow: Although 49% of US small businesses do not currently have a cyber insurance policy, 39% expect their cyber security spending to increase over the next 12 months.

Meghan Hannes, Cyber Product Head for Hiscox USA commented, “Small business can mean big business for cyber criminals. We know the financial impacts of cyber attacks can be substantial, and small businesses are increasingly feeling ‘cyber stress.’ The good news is, there are measures businesses can take to help mitigate the risk.”

To ensure cyber readiness in the new virtual world of work, small businesses must consider people, processes and technology. When it comes to preventing and managing cyber-attacks, Hiscox recommends taking the following steps:

  • Prevent: Involve and educate employees at all levels within the business. Have a formal budgeting process in place and ensure cyber security is considered and prioritized in decision-making.
  • Detect: Include intrusion detection and ongoing monitoring on all critical networks. Track violations (both successful and thwarted), and generate alerts using both automated monitoring and manual logging.
  • Mitigate: Create a plan for all incidents, from detection and containment to notification and assessment, with specific roles and responsibilities clearly defined. Regularly review response plans to integrate emerging threats and new best practices. Insure against financial risks with a stand-alone cyber policy or endorsement.


Related Materials

The Hiscox Cyber Readiness Report 2021™

About the Study

Hiscox commissioned Forrester Consulting to assess organizations' cyber readiness. In total, 6,042 professionals responsible for their organizations' cyber security strategies were surveyed (1,000-plus each from the USA, UK, France and Germany; more than 500 each from Belgium, Spain and The Netherlands; and 300-plus from the Republic of Ireland). Respondents completed the online survey between 5 November 2020 and 8 January 2021.

We have adopted median rather than mean or average figures and restated prior-year figures in the same terms. Given the extreme variation in the underlying figures between the smallest and largest firms, this provides a more accurate representation of the respondents as a whole.

About the Hiscox Group

Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Our ambition is to be a respected specialist insurer with a diverse portfolio by product and geography. We believe that building balance between catastrophe-exposed business and less volatile local specialty business gives us opportunities for profitable growth throughout the insurance cycle.

The Hiscox Group employs over 3,000 people in 14 countries, and has customers worldwide. Through the retail businesses in the UK, Europe, Asia and the USA, we offer a range of specialist insurance for professionals and business customers as well as homeowners. Internationally traded, bigger ticket business and reinsurance is underwritten through Hiscox London Market and Hiscox Re & ILS. In the US, Hiscox small business Insurance is underwritten by Hiscox Insurance Company Inc., a Chicago-based insurance company.

Our values define our business, with a focus on people, courage, ownership and integrity. We pride ourselves on being true to our word and our award-winning claims service is testament to that. For more information, visit

The content provided above is provided for general informational purposes and is not intended, nor shall it be deemed, to be a solicitation of insurance with regard to any particular or specific person or entity.

Media Contact

Lucy Baines
Hiscox USA
+1 646 560 9399