Shieldpay stories

Why small businesses are being targeted by cybercriminals

Companies of all size and industry are at risk of cyber attacks, but studies have revealed that smaller businesses are the ones being targeted the most. Although a cyber attack on a little-known, small business doesn’t get the same press coverage as the big businesses do, it doesn’t mean that these enterprises aren’t getting attacked frequently - in fact, there are multiple attacks on a daily basis. The data held by SMEs is becoming increasingly valuable to cybercriminals, and the damage small businesses may face as a result of these attacks can be much more damaging to them than it would be for larger businesses.

   1. Lack of preparation

Large enterprises have the ability to set aside time and money specifically for the improvement of the company’s security. This can include more expensive and effective antivirus software and higher quality training for their staff, so they know what to look out for in emails and pop-ups. SME’s rarely have the same level of defences as these larger companies - their lack of basic technical security measures and their frequent inability to deal with attacks makes them much more vulnerable. Although SMEs are more likely to focus on factors such as maintaining a strong cash flow and hiring the most effective mix of expertise, small business owners should pinpoint the easiest potential points of access for hackers and work from there to keep their business protected from damaging cyber attacks. Frequently educating staff on common email scams and building a culture of security can prove effective, often more so than investing in expensive hardware or software. 

   2. SMEs can act as a gateway

Many scammers will try to use smaller businesses to access larger companies that they are working with as SME’s tend to have less effective security measures in place and so can be hacked much more easily than a larger corporation. These small businesses may be supplying a larger enterprise with goods or services, and so act as a golden ticket for a hacker to access a large enterprise’s network. The small business may have sensitive data such as names and contact details which hackers can then use.

   3. SMEs are a useful target for hackers

Small businesses have limited funds, so nearly all small businesses have computer-based data that is needed in order for the company to operate. This makes them a useful target for hackers. A serious breach of this information could severely affect a small business’s reputation, potentially leading to the company having to shut down. 

   4. Easier to get away with it

Given SMEs have fewer funds and resources than larger businesses, they are far less likely to have technology in place for creating and protecting audit logs, along with detecting an attack as it occurs. They do not have the data needed to establish admissible evidence against a hacker, or the resources to access law enforcement as the larger firms do. This makes it easier for the enterprise to be hacked and for the hacker to get away without getting caught, arrested or punished than if they had attacked a larger, more well-known organisation. Small businesses are also more likely to fail completely as a result of being hacked, so although some may want to pursue political action against the hackers, they simply do not have the time or resources to do so.

   5. Insiders are the most common culprits

According to recent studies, over half of all attacks on businesses were actually from insiders. Humans are the biggest and most common security threat that businesses of all sizes face, with some hacks being the result of simple human errors, whilst others are due to malicious intent. When looking at deliberate attacks, businesses have found that it tends to be either employees who have just joined the company or those who are leaving the company that were the common culprits. However, some attacks aren’t due to an employee’s malicious intent - some are simply because of a lack of awareness of viral threats and simple human error.

To get ahead of this - it's best to introduce cybersecurity policies up front in the onboarding process of all new employees and then continue to educate them on the basics of cybersecurity, providing training and examples of possible scams they could receive, like in emails or elsewhere.


Shieldpay protects both buyer and seller in any transaction so that you can deal with anyone, anywhere with total confidence.

How do we do it? We verify the identity of both sides, funds are held securely in the Shieldpay vault and only released when both sides agree they’re happy. If anything doesn’t go to plan, we help out with any disputes!

Find out more about 
Shieldpay, or let us know your thoughts by leaving us a comment or chatting to us on Twitter, we'd love to hear from you! 😉



Want regular updates straight to your inbox?

Recent Posts