Why Small Businesses Are Targeted by Cyber Criminals More Than Large Businesses

James Ogier
7th October 2022
Information Security

A lot of smaller businesses assume they fall beneath the radar when it comes to cyber crime, but they are actually attacked by hackers 3x more than larger ones.

Large enterprise businesses hold a lot more sensitive data, have higher cyber insurance policies and will often pay more to recover stolen data, so it’s easy to assume that hackers would target bigger businesses more than small ones. However, a new study by cyber security firm Barracuda Networks debunks this myth. The report analysed millions of emails across thousands of organisations and uncovered an alarming statistic – employees at small companies (100 employees or fewer) see 350% more social engineering attacks than those at larger companies.

Why are smaller companies targeted more?

Small companies tend to spend less on cyber security.

When you’re running a small business, it can often be a bit of a juggling act when it comes to prioritising expenditure. Although many business leaders will acknowledge the importance of cyber security, it may not be at the top of their list.

Hackers are well aware of this fact and will know they need to do a lot less work to get a pay-out than they would trying to hack a large enterprise organisation.

Every business has ‘hack-worthy’ resources

Every business, even a one-person shop, has data that’s worth something to a cyber criminal. Credit card numbers, SSNs, tax ID numbers, email addresses, even Spotify accounts! They can all earn bad guys money on the dark web.

Small businesses can provide entry into larger ones

If a hacker can breach the network of a small business, they can often use that to make a larger score. Many small companies provide services to larger ones: digital marketing, website management, accounting, procurement, etc. Vendors are often digitally connected to certain client systems. This type of relationship can enable a multi-company breach.

Small business owners are often unprepared for ransomware

Ransomware has been one of the fastest-growing cyber attacks of the last decade. 71% of surveyed organisations have experienced ransomware attacks in 2022. The percentage of victims that pay the ransom to attackers has also been increasing, with an average of 63% of companies paying the attacker money in hopes of getting a key to decrypt the ransomware.

Due to the rising success of ransomware attacks, many more criminals are venturing down this route. Those newer to cyber crime will often target smaller, easier-to-breach companies in the first instance.

Employees at smaller companies may not be as well trained in cyber awareness

Cyber awareness training can be difficult to prioritise ahead of all the other things on the list, especially for smaller organisations that can find it harder to take employees away from their desks. The problem with this, though, is that human error opens businesses up to cyber risk more than any other factor.

In the majority of cyber attacks, the hacker needs help from the user, and if the user isn’t trained in how to spot suspicious emails, they could be the key to a successful cyber attack. Successful phishing attempts cause over 80% of data breaches. Teaching employees how to spot these ploys can significantly increase your cyber security.


If you’d like to learn more about what risks your organisation faces and get support strengthening your security strategy, contact us for a free consultation. You can learn more about our Information Security services here.

James Ogier

James has worked at Resolution IT for 8 years, after a period in the aviation industry. After 7 years working in our Information Security team, guiding clients on security best practices, he now works as a Senior Consultant in our Service Delivery team.

James has earned the ISC2 SSCP (Systems Security Certified Practitioner) and is able to certify organisations to the Cyber Essentials and IASME governance standards. He also holds Microsoft MCSA Windows 8 and 10 certifications, CompTIA A+, Network+ and Security+ accreditations, as well as being a Certified ISO 27001 ISMS Lead Implementer.
