43% of cyberattacks target small businesses.

Every year, hackers find new ways to exploit vulnerabilities in company systems and networks. As quickly as security experts respond to an attack, hackers develop new malware to jeopardize your data, your clients, and your small business. In 2020, these statistics will set the scene for cyber security for medium size business and small business:

  • Only 14% of small businesses are prepared to defend themselves against a cyberattack.
  • 60% of small companies go out of business within just six months of a cyberattack.
  • More than half of all small businesses suffered a breach within the last year.

With recent events in the Middle East and ongoing tensions with China, Russia, and North Korea, security experts predict an increase in the number of cyber-attacks in 2020. Continue reading to learn about cyber security trends in 2020 that will affect your small business.

Increased Adoption of Cloud Computing

Cloud computing is increasingly popular because it can reduce IT costs and risks by providing users with data storage, applications, and data protection via the Internet. In 2020, cloud solutions are expected to become more affordable to smaller businesses. Cloud computing services include:

  • Data storage: store, back up, share, and access files from anywhere.
  • Data backup: preserve your data in the event of a natural disaster, cyberattack, or other data loss event.
  • Software as a service (SaaS): access an application or suite of applications, like Office 365, Google Apps, QuickBooks Online, and Salesforce.

When considering a cloud vendor, be sure to understand their approach to data protection. Learn how they:

  1. Authenticate users to control access to your data
  2. Encrypt your data to protect it in the event they are hacked.

Cost of Malware Attacks Expected to Increase

According to the Ninth Annual Cost of Crime Study, malware is the most costly type of attack for organizations—the average cost of a malware attack is $2.6 million. Malware is software designed to damage devices, steal or delete data, and cause havoc to business operations. Malware includes:

  • Viruses that infect files and spread uncontrollably, damaging individual computers or networks.
  • Spyware that secretly records your online activity, including passwords, credit card numbers, surfing habits, and more.
  • Ransomware that locks down your computer and threatens to delete your data unless you pay a ransom.
  • Trojans disguised as or hidden in legitimate software to create security vulnerabilities that attackers use to install other malware into your system or network.

To reduce the impact of malware on your business, be aware of social engineering attacks, which typically involve emails from strangers, offers that are too good to be true, and unexpected alerts from government agencies, financial institutions, or well-known IT companies. The rule of thumb is: If you don’t know who it came from or what it is, don’t click on it.

Rise of Connected Systems Increases Vulnerability

With today's integrated supply chains, large companies often rely on smaller vendors to help develop and deliver products and services. 

To gain visibility and maximize efficiency, firms may integrate their systems with their smaller partners. Because smaller companies often lack the IT security resources needed to defend against cyberattacks, hackers often target them to access larger firms' business operations. 

The Internet of Things (IoT)—the collection of software-enabled devices (sensors, tablets, applications, and computers) that exchange data—is a potential source of vulnerability. According to Ponemon, 56% of companies suffered a breach that originated from one of their vendors. Because the number of IoT devices is increasing—Juniper Research estimates that IoT sensors and devices will number 50 billion by 2022—companies will need to secure more endpoints against intrusion.

While it’s important to secure core business systems, small businesses must also protect less critical systems that can be hacked to access sensitive data. Hackers can use seemingly innocuous devices like networked Webcams, printers, smoke alarms, thermostats, security cameras, and digital cameras to access a company’s network.

If your small business relies on IoT devices, be sure to secure each one.

Cyber Insurance Plans Mitigate the Cost of a Breach

In their 2018 Healthcare Workforce Survey, Accenture found that 18% of healthcare employees were willing to sell confidential data to unauthorized parties. Small businesses must defend against not only external threats, but also malicious actors within the organization. 

To cover potentially devastating financial losses from a data preach, many firms are purchasing cyber liability insurance. Between 2018 and 2024, the cyber security insurance market is expected to increase from $5 billion to $21 billion. 

If your company uses or stores employee or client data, you should consider buying a cyber insurance policy to mitigate the crippling costs of business interruption, remediation, settlement, and legal fees.


Attackers are launching more sophisticated and rapid cyberattacks. It’s almost certain that every company will be attacked—if not breached. Cyber security for small business is imperative. To ensure your business is positioned to succeed in today’s cyber landscape, you need to defend your firm from attack. These five cybersecurity steps will help protect your small business in 2020:

  1. Back up your data. Data is the lifeblood of most businesses. If data is stolen, destroyed, or tampered with, the consequences can be devastating. If you store your data on internal servers rather than in the cloud, be sure to back it up frequently.
  2. Update your systems. Stay on top of patches to your company systems to protect your business from exploits.
  3. Enable your firewall. Your firewall is one of your first lines of defense. Ensure it is enabled and properly configured.
  4. Refresh your passwords. Ensure your employees regularly update their passwords. Enforce strong password policies that mix special characters, numbers, and letters. Consider using multi-factor authentication to protect access to your network and systems.

Educate your employees. While your IT department or vendor is ultimately responsible for protecting your business, the weakest link in the security chain is often employees. Be sure they understand and practice behaviors that promote cybersecurity.