Cyber Attacks Cost US Small Businesses Over $8,000 Annually, Reveals Hiscox Cyber Readiness Report 2023

Atlanta, GA – December 5, 2023 – Hiscox, the international specialist insurer, reveals the median cost of cyber-attacks has decreased for US small businesses from $10,000 in 2022 to $8,300 in 2023.

The annual Hiscox Cyber Readiness Report, which gauges businesses’ preparedness to combat cyber incidents and breaches, surveyed over 5,000 professionals responsible for their company’s cyber security strategy from the USA, UK, France, Germany, Spain, Belgium, Republic of Ireland and The Netherlands. Key findings specific to the more than 500 US small business professionals surveyed include:

  • Small businesses are aware of the cyber risk: Small businesses see cyber as a real threat. Thirty-three percent of US small businesses consider cyber risk high or very high, which is ahead of economic issues and competition.
  • The cost of cyber-attacks has dropped: The median cost of cyber-attacks for one business in a year is approximately $8,300, down from about $10,000 last year. Although the cost is down, the median number of attacks has risen from 3 in 2022 to 4 in 2023.
  • Ransomware is costing small businesses in a big way: US small businesses paid over $16,000 in cyber ransoms over the past 12 months. For businesses that paid ransoms, only half (50%) recovered all their data and 27% of the time, hackers made additional demands for money.
  • Phishing is still the primary point of vulnerability: In ransomware attacks, the most common points of entry were phishing (53%), unpatched servers/VPN (38%), and credential theft (29%).
  • While IT security spending has increased, there are still areas of vulnerability: Despite a 10% increase in median IT budgets and a 24% increase in cybersecurity spending over the last 12 months, 59% of small businesses don’t use security awareness training. Further, 43% of the businesses surveyed don’t have network-based firewalls.
  • Small businesses are protecting themselves: 53% of US small businesses have either a standalone cyber insurance policy or have cyber coverage through another policy.
  • When it comes to cyber maturity, there is more work to be done: For all sizes of business, the US ranks second (behind France, 2.98) for cyber maturity with a score of 2.94. When it comes to cyber expertise, 63% of small businesses in the US are intermediates and only 4% are cyber experts.

“In the never-ending arms race of cyber criminals versus cyber security, new technology developments and employee training can tip the scales either way,” said Chris Hojnowski, Vice President and Product Head of Technology and Cyber for Hiscox in the US. “Phishing is still the most common point of entry for ransomware attacks, and new developments like AI can undermine our tried and trusted ways of spotting a phishy email. Proactivity is the best form of defense when it comes to cyber, and a team is only as strong as the weakest link - or least-trained employee - in the chain.”

Related Materials

The Hiscox Cyber Readiness Report 2023

About the Study

Hiscox commissioned Forrester Consulting to gather information about businesses cyber activities and readiness. In total 5,005 professionals responsible for their company’s cyber security strategy were surveyed (over 900 each from the USA, UK, France and Germany; more than 400 from Spain; and 200-plus from the Belgium, Republic of Ireland and The Netherlands). Respondents completed the online survey between 9 January 2023 and 2 February 2023.

We have adopted median rather than mean or average figures and restated prior-year figures in the same terms. Given the extreme variation in the underlying figures between the smallest and largest firms, this provides a more accurate representation of the respondents as a whole.

About The Hiscox Group

Hiscox is a global specialist insurer, headquartered in Bermuda and listed on the London Stock Exchange (LSE:HSX). Our ambition is to be a respected specialist insurer with a diverse portfolio by product and geography. We believe that building balance between catastrophe-exposed business and less volatile local specialty business gives us opportunities for profitable growth throughout the insurance cycle.

The Hiscox Group employs over 3,000 people in 14 countries, and has customers worldwide. Through the retail businesses in the UK, Europe, Asia and the USA, we offer a range of specialist insurance for professionals and business customers as well as homeowners. Internationally traded, bigger ticket business and reinsurance is underwritten through Hiscox London Market and Hiscox Re & ILS. In the US, Hiscox small business Insurance is underwritten by Hiscox Insurance Company Inc., a Chicago-based insurance company.

Our values define our business, with a focus on people, courage, ownership and integrity. We pride ourselves on being true to our word and our award-winning claims service is testament to that. For more information, visit

The content provided above is provided for general informational purposes and is not intended, nor shall it be deemed, to be a solicitation of insurance with regard to any particular or specific person or entity.

Media Contacts

Lucy Baines
Hiscox USA
+1 646 560 9399
[email protected]

Hayley Susino
Hiscox USA
+1 646 452 2365
[email protected]