US Small Businesses Hit Hard by Cyberattacks, Driving Up Costs and Inflation
A new report from the Identity Theft Resource Center (ITRC) reveals that 81% of US small businesses—those with fewer than 500 employees—experienced a data or security breach in the past year, with nearly 40% raising prices as a direct consequence. The findings, based on interviews with 662 business owners and executives, highlight a growing financial strain on small enterprises, which ITRC president James Lee describes as a "hidden cyber tax" on consumers.
The report warns that these breaches are fueling inflation and placing an unequal burden on small businesses, which often lack the resources of larger corporations. Lee emphasized that the resilience of the US economy is increasingly tied to the cybersecurity of small businesses, urging policymakers to address the issue at state and federal levels.
AI-powered attacks were a major driver, cited by 41% of affected businesses, alongside external threat actors (43%) and malicious insiders (42%). The ITRC cautioned that AI is being weaponized to create hyper-realistic phishing emails, deepfake BEC scams, adaptive malware, and automated reconnaissance, allowing cybercriminals to mimic insider knowledge at scale.
Despite the rising threat, the report uncovered a "dangerous disconnect" between confidence and preparedness. While the number of leaders who felt "very prepared" for an attack dropped from 57% to 38%, adoption of critical security measures declined. Multi-factor authentication (MFA) usage fell from 34% to 27%, and investment in new security tools dropped by 15% year-over-year.
The ITRC’s findings underscore the escalating challenges small businesses face in defending against cyber threats, particularly as AI lowers the barrier for sophisticated attacks.
Source: https://www.infosecurity-magazine.com/news/twofifths-smbs-raise-prices-after/
National Small Business Association cybersecurity rating report: https://www.rankiteo.com/company/nsbaadvocate
"id": "NSB1765446891",
"linkid": "nsbaadvocate",
"type": "Breach",
"date": "1/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"{'affected_entities': [{'location': 'United States',
'size': 'under_500_employees',
'type': 'small_businesses'}],
'attack_vector': ['phishing',
'business_email_compromise',
'malware',
'insider_threat'],
'data_breach': {'data_exfiltration': True,
'personally_identifiable_information': True},
'date_publicly_disclosed': '2025',
'description': 'The vast majority of US small businesses suffered a data or '
'security breach over the past year, with many (38%) putting '
'up their prices as a result. The report highlights the '
'financial burden of cyber-threats on small businesses, '
"describing it as a 'hidden cyber tax' on consumers. "
'AI-powered attacks, external threat actors, and malicious '
'insiders were primary causes of breaches.',
'impact': {'brand_reputation_impact': True,
'data_compromised': True,
'identity_theft_risk': True,
'operational_impact': 'price_increases'},
'lessons_learned': 'Small businesses must focus on people, process, and '
'technology to mitigate AI-driven attacks. There is a '
'disconnect between confidence in cyber-resilience and '
'actual security controls adoption.',
'motivation': ['financial_gain', 'data_exfiltration'],
'post_incident_analysis': {'root_causes': ['AI-powered attacks',
'external_threat_actors',
'malicious_insiders']},
'recommendations': ['Implement multi-factor authentication (MFA)',
'Invest in new security tools',
'Focus on people, process, and technology to tackle '
'AI-driven threats'],
'references': [{'date_accessed': '2025',
'source': 'Identity Theft Resource Center (ITRC)'},
{'source': 'Verizon DBIR'}],
'threat_actor': ['external_threat_actors', 'malicious_insiders'],
'title': 'US Small Businesses Suffer Widespread Data and Security Breaches',
'type': ['data_breach', 'security_breach']}