Cyber attack on corporate servers

The Hiscox Cyber Readiness Report 2021

US Small Business

Download Report

Small business is big business for cyber criminals

The average cost of cyber attacks on a small business over 12 months is $25,612, and in the past year, the average small business experienced five cyber attacks.

With 63% of the small business workforce now working remotely, over half (53%) of US small businesses believe they are more vulnerable to cyber attacks. Securing the company servers, the most common point of entry for cyber criminals, is a critical step to minimizing vulnerabilities.

Download 2021 Cyber Readiness Report PDF

The pandemic has drastically altered the small business landscape

Pre-pandemic, 14% of the small business workforce was working remotely. Currently, 63% of the workforce is working remotely.

Beyond shifting to remote working, small businesses have also reduced operational costs (40%), paused hiring (36%), increased use of collaboration technologies (26%) and expanded online payments (23%). These factors can all contribute to a more complex company network, and an increase in ‘cyber-stress’ for small businesses.

US Cyber Readiness Bar Chart

Prevent, Detect and Mitigate the risk of cyber attacks

To be cyber ready in the new virtual world of work, people, processes and technology must be considered. When it comes to preventing and managing cyber attacks, there are a few simple, yet effective, steps that small businesses can take:

  • Prevent: Involve and educate employees at all levels within the business. Have a formal budgeting process in place and ensure cyber security is considered and prioritized in decision-making. Cyber security spending is moving up the agenda, as 39% of US small businesses expect it to increase over the next 12 months.
  • Detect: Include intrusion detection and ongoing monitoring on all critical networks. Track violations (including those that are successful and thwarted), and generate alerts using both automated monitoring and manual logging.
  • Mitigate: Create a plan for all incidents, from detection and containment to notification and assessment, with specific roles and responsibilities clearly defined. Regularly review response plans to integrate emerging threats and new best practices. One of the fastest and easiest ways to bolster your protection and insure against financial risks is with a stand-alone cyber policy or endorsement, yet 49% of US small businesses do not currently have one.

Find out more

Learn how your business stacks up and how you can be more cyber ready by downloading the full report.

Download 2021 Cyber Readiness Report PDF

To receive more content like this from Hiscox USA, including market-leading research, reports and articles from our experts on running a small business, enter your email address here:


The content is provided for general informational purposes and is not intended to and does not constitute business or legal advice to any particular person or entity.