Stay up-to-date with the latest insurance and investing news, tips, and information.

5 Types of Cyber Attacks That Threaten Small Businesses

May 19, 2021

Cyber attacks and data breaches at Sony, Honda Canada and Target have raised awareness of the growing threat of cyber attacks—yet surveys suggest that many small business owners are still operating under a false sense of cyber security. One way large companies protect themselves from cyber attacks is with Cyber Liability Insurance.

The stats are concerning: only 25 per cent of small business owners have had a third-party test their computer systems, and nearly 40 per cent do not have their data backed up in more than one location.

Despite these cyber security exposures, 85 per cent of small business owners believe their company is safe from hackers, viruses, malware, and/or data breaches. Furthermore, more and more large companies are becoming more serious about data security.

These facts lead to small businesses becoming increasingly attractive targets for cyber attacks.

Small Businesses Are "Easy" Targets for Cyber Attacks

Many Canadian small businesses lack a formal Internet security policy for employees, and only about half have cyber security measures in place.

This disconnect is largely due to the widespread, albeit mistaken, belief that small businesses are unlikely targets for cyber attacks. In reality, data thieves are simply looking for the path of least resistance. An Insurance Bureau of Canada study found that 37 per cent of businesses struck by a cyber attack cost them over $100,000.

Cyber Attacks Could Destroy Your Small Business

Large companies are devoting more resources towards data security, making small businesses increasingly attractive targets. The results can be devastating for small business owners.

The average cost of a cyber attack on a small or medium-sized business is nearly $200,000. As a result, nearly 60 per cent of the small businesses victimized by a cyber attack permanently close their doors within six months. Many of these businesses put off making necessary improvements to their cyber security protocols until it was too late because they feared the costs would be prohibitive.

Five common types of cyber attacks threatening small businesses

Denial-of-service attacks (DoS)

A DoS attack occurs when a cyber criminal sends a large amount of data from multiple computers in order to overwhelm your system and shut it down. This attack can result in a direct loss in revenue, as your website could be down for extended periods of time.

Inside attacks

Cyber attacks don't always come from outside sources. In some cases, a disgruntled employee who has access to your system can hijack your critical data and hold it for ransom.


Malware is any malicious software that can be used to gain access to your system and cause damage. Typically, malware refers to worms, viruses, and ransomware.

Password attacks

Password attacks are when hackers crack your password and gain access to your system. This type of attack can be difficult to defend against because it doesn't always require a malicious code or software.

Complete Guide to Passwords


Phishing is a cyber attack in which a hacker disguises him- or herself as a trusted source in order to acquire sensitive information. This can be accomplished via email or other direct forms of online contact.

To protect themselves from all types of cyber breaches, small businesses should consider evaluating their systems for exposures on a regular basis. In addition, it is important to train workers on cyber security and ensure that antivirus and other protective measures are up to date and operational.

Cyber criminals understand that small businesses don't have the same money as larger enterprises to protect themselves from cyber attacks. A cyber liability insurance policy is just one way to protect your business from cyber attacks.

10 Ways to Prevent Cyber Attacks on Small Businesses

Even if you don’t currently have the resources to bring in an outside expert to test your computer systems and make security recommendations, there are simple, economical steps you can take to reduce your risk of falling victim to a costly cyber attack:

  1. Train employees in cyber security principles.
  2. Install, use and regularly update antivirus and antispyware software on every computer used in your business.
  3. Use a firewall for your Internet connection.
  4. Download and install software updates for your operating systems and applications as they become available.
  5. Make backup copies of important business data and information.
  6. Control physical access to your computers and network components.
  7. Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden.
  8. Require individual user accounts for each employee.
  9. Limit employee access to data and information, and limit authority to install software.
  10. Regularly change passwords.

Work With A Cyber Security Expert

A data breach could cripple your small business, costing you thousands or millions of dollars in lost sales and/or damages.

We recommend having a third-party complete a review and ask your insurance broker for a Cyber Liability Insurance application.

Contact your Scrivens insurance broker to discuss cyber insurance coverage options to protect your company against losses from cyber attacks.