Impending Chaos: One in Twenty Small Businesses Will Suffer Financial Loss

Rob Hegedus, Program Director, CHECKLIGHT® 

The Looming Threat

Cybersecurity threats against small businesses in the United States have surged dramatically in recent years, and the trend shows no signs of slowing. According to recent data, 43% of all cyberattacks target small businesses¹, with 61% of Small and Medium-Sized Businesses (SMBs) reporting being attacked in 2023 alone². These attacks are not just frequent: they’re costly. The average cost of a ransomware attack on a very small business (less than 20 employees) is $46,000, and more than half of victims end up paying over $100,000³. In 2020, over 700,000 attacks against small businesses resulted in $2.8 billion in damage⁴. That number is expected to double by 2026, meaning that one in twenty small businesses in the United States will suffer some financial loss due to a cyber-attack.

The nature of these attacks is evolving. Ransomware, phishing, and malware remain the most common threats, with 82% of ransomware attacks targeting companies with fewer than 1,000 employees⁵. Small businesses are particularly vulnerable due to limited IT budgets, lack of cybersecurity expertise, and often no formal cybersecurity policies. In fact, 80% of small businesses still operate without one⁵.

Looking ahead, the projections are even more alarming. Cybercrime is expected to cost the world $10.5 trillion annually by 2025 (that’s roughly 10% of Global GDP!), with small businesses continuing to be prime targets due to their perceived vulnerability. Cybersecurity professionals predict that cyberattacks will occur every 39 seconds, and the number of attacks against small businesses is expected to rise by 15% year-over-year, driven by increased digitalization and the adoption of cloud-based services.

Where Cyber Insurance Falls Short for Small Businesses

The cyber insurance market is aware of this trend and is experiencing significant growth. The market size was valued at $16.66 billion in 2023 and is projected to grow to $120.5 billion by 2032.  That is a compounded annual growth rate of 24.5% during the forecast period⁶. There are very few industries that can boast that gradient of expected growth.

There is a significant disconnect, however.  The most underserved cyber insurance market is the small and medium-sized businesses, emphasis on the small.  There are roughly 33 million small business in the United States, and according to the insurance industry, there are only 4.3 million cyber insurance policies issued to small businesses⁷.  That’s a penetration rate of only 13 percent.  The other 87% of SMBs are being targeted and breached just as frequently as those with policies, so why isn’t this solution adopted more broadly?  The problem is qualification and affordability.

Cyber insurance applications can be burdensome in technical qualification requirements, and for most small businesses the costs to acquire the necessary network and endpoint protections to bring premiums down to affordable levels is out of reach.  So what options do they have?

A Smarter Solution: Cyber Financial Protection Tied to Cyber Technology

Fortunately, enterprising insurance companies, beginning at the Managing General Agent level, are addressing this significant gap in coverage by working with underwriters and technology providers to adopt a new strategy to combine the technology with the underwritten coverage.  In essence, the cybersecurity technology becomes the application process, and the financial protection is tied to the efficacy of the product.  Because at the end of the day, do small business owners have the time to do a thorough comparative analysis of every technology in the cybersecurity market, or do they just want peace of mind from a potentially business-ending cyber breach?

This is why we worked with the insurance industry to create CHECKLIGHT®.  Instead of asking business owners to master complex tools or navigate endless vendor comparisons, it delivers practical, continuous protection in a way that actually fits how small businesses operate.  And more importantly, it provides financial peace of mind.

The Path Forward

We are entering a period where cybersecurity is no longer optional. It is a fundamental requirement to doing business. The question isn’t whether threats will continue, it’s how effectively we can prepare and respond.  The future belongs to those who approach cybersecurity not as a burden but as a manageable part of their overall risk strategy. CHECKLIGHT® is an example of an insurance-industry accepted solution to make that possible by combining technology and financial peace of mind into a single, affordable, and easily accessible platform.

About the Author

Rob Hegedus is a former military intelligence officer and prior CEO of a cybersecurity firm.  Seven years ago he was made aware of the growing fissure between protected and unprotected small businesses from increasing cyber threats and started working with the insurance industry to find a solution.  He is currently the CHECKLIGHT® Program Director at CISO Global, Inc.

Sources

1. 2024 Verizon Data Breach Investigations Report: 43% of cyberattacks target companies with fewer than 500 employees. https://www.verizon.com/business/resources/reports/2024-dbir-data-breach-investigations-report.pdf
2. New BlackFog research: 61% of SMBs were victims of a cyberattack in the last year. https://www.blackfog.com/smbs-were-victims-cyberattack/
3. 2025 Cyber Attack Report: How Much Are Data Breaches Costing Small Businesses? https://smartfinancial.com/cyber-attack-costs
4. US Small Business Admisitration: Protect Your Small Business from Cybersecurity Attacks. https://www.sba.gov/blog/protect-your-small-business-cybersecurity-attacks
5. 35 Alarming Small Business Cybersecurity Statistics for 2025. https://www.strongdm.com/blog/small-business-cyber-security-statistics
6. Cyber Insurance Market Size, Share & Industry Trends Analysis, By Insurance Type (Standalone and Tailored), By Coverage Type (First-party and Liability Coverage), By Enterprise Size (SMEs and Large Enterprise), By End-user (Healthcare, Retail, BFSI, IT & Telecom, Manufacturing, and Others), and Regional Forecast, 2024-2032. https://www.fortunebusinessinsights.com/cyber-insurance-market-106287
7. National Association of Insurance Commissioners: Report on the Cyber Insurance Market: https://content.naic.org/sites/default/files/cmte-h-cyber-wg-2024-cyber-ins-report.pdf