At Securafy, we talk about cybersecurity all the time—in our emails, on social media, and as part of our key services. Yet, we still wonder: why aren’t small and medium-sized businesses (SMBs) paying closer attention to this critical issue?
Is it limited cybersecurity awareness? Or is it a lack of understanding about the risks businesses face?
The data paints a concerning picture. A study by NinjaOne revealed that 93% of company networks can be penetrated by cybercriminals, highlighting the widespread vulnerability businesses face. Despite this, 36% of small businesses are not concerned about cyberattacks, often believing they are too small to be targeted (BNC Systems).
Let’s explore some of the most damaging breaches this year and what SMBs can learn from them.
What happened: In December 2023, hackers accessed the systems of National Public Data, a background-check company. By April 2024, 2.7 billion sensitive records were leaked onto the dark web.
Who is exposed: Individuals across the US, Canada, and the UK.
Compromised data: Names, past and current addresses, Social Security numbers, dates of birth, and phone numbers.
What happened: In February, a Russian ransomware gang breached Change Healthcare, exploiting systems without multifactor authentication. This attack caused downtime across healthcare institutions, compromising patient data and forcing UnitedHealth to pay $22 million to prevent leaks.
Who is exposed: An estimated one-third of Americans.
Compromised data: Payment information, Social Security numbers, and sensitive medical data.
What happened: Hackers stole data from 73 million AT&T customers in March. By July, another breach targeted AT&T’s account with data giant Snowflake, affecting millions more.
Who is exposed: Over 110 million customers.
Compromised data: Personal information, such as Social Security numbers and phone numbers.
What happened: In June, Synnovis, a UK pathology lab, was attacked by a ransomware gang, resulting in widespread outages across London healthcare institutions.
Who is exposed: Past and current patients, with data going back years.
Compromised data: Patient interactions, including blood test results for HIV and cancer.
What happened: In May, cloud data giant Snowflake suffered a breach through stolen employee credentials. Millions of customer records from companies like Ticketmaster and Advance Auto Parts were stolen.
Who is exposed: Millions of customers across 165 corporations.
Compromised data: Customer records.
These high-profile breaches should serve as a wake-up call for SMBs. Cybersecurity isn’t just a concern for large enterprises—it’s a pressing issue for businesses of all sizes.
In fact, 61% of SMBs were targeted by cyberattacks in 2021, with 18% involving malware (StrongDM). Despite this, only 17% of SMBs consider their cybersecurity capabilities effective (Cyber Readiness Institute).
Many SMBs underestimate their risks because they think they’re too small to be targeted. However, the financial constraints many SMBs face—47% of businesses with fewer than 50 employees lack a cybersecurity budget (BNC Systems)—make them even more attractive to cybercriminals.
Additionally, 24% of U.S. healthcare employees have not received cybersecurity training, showing a broader lack of preparedness (Packetlabs).
While you can’t control whether companies you work with get hacked, there are steps you can take to protect your business and personal data:
At Securafy, we focus on helping SMBs take proactive steps to stay secure. From cybersecurity assessments to network penetration testing, our solutions are designed to close gaps before they become problems.
The question isn’t if your business will be targeted, but when. With 87% of small businesses holding sensitive customer data that could be compromised in a breach (BNC Systems), staying proactive is essential.
Don’t wait for a breach to happen—schedule a free cybersecurity assessment today and ensure your business is protected.