Why Cybercriminals Are Turning Their Attention to Small Businesses

For much of the past decade, cybercrime was framed as a threat to multinational corporations and global institutions. High-profile breaches at household-name companies reinforced the belief that size alone made an organisation a target.

That assumption is now outdated.

New figures show that cybercrime is not only accelerating in scale, but quietly reshaping its focus, away from large enterprises and toward small and mid-sized businesses that form the backbone of the global economy.

By the end of 2025, the total cost of cybercrime worldwide reached $10.5 trillion, up from $8 trillion the year before. This represents a growth rate of more than 30 percent in a single year, one of the fastest expansions of criminal activity in modern history.

Yet beneath that headline figure lies a more revealing detail: the average cost per data breach has declined slightly, falling from $4.88 million to $4.44 million.

At first glance, this may appear to be good news. In reality, it signals a troubling shift.

A High-Volume, Low-Visibility Strategy

Cybercriminals are no longer concentrating their efforts on a handful of lucrative targets. Instead, they are pursuing scale, launching repeatable, automated attacks against thousands of smaller organisations, each yielding a modest return.

This model favours speed and probability over precision. Smaller businesses, often operating without dedicated security teams or enterprise-grade monitoring, are easier to compromise and less likely to detect an intrusion quickly. When breaches occur, they attract little public attention, allowing attackers to move on without scrutiny.

The result is an expanding pool of victims, each absorbing damage that may not make headlines but can be devastating at an operational level.

Ransomware Becomes the Default Weapon

Nowhere is this shift more evident than in the rise of ransomware.

In 2024, ransomware was linked to roughly a third of all breaches. By 2025, that figure had climbed to 44 percent, nearly half of all incidents.

Ransomware is effective precisely because it exploits business realities rather than technical weaknesses. For smaller firms, downtime is not an inconvenience; it is an existential threat. Payroll, customer commitments, and regulatory deadlines do not pause during a cyber incident.

Attackers understand this pressure. They design ransom demands that are painful, but often affordable, calibrated to encourage payment rather than resistance.

The Growing Risk of Trusted Relationships

Perhaps the most alarming trend is the sharp rise in third-party breaches, which have doubled year-on-year.

Modern businesses rely on an ecosystem of suppliers: software vendors, cloud platforms, managed service providers, accountants, and insurers. Each relationship introduces risk, and attackers increasingly exploit the weakest link in the chain.

For small businesses, this dependency is particularly acute. Trust is often assumed rather than verified, and security standards vary widely between providers. A single compromised vendor can expose dozens, or hundreds, of downstream clients.

Insurance Reflects the New Reality

The global cyber insurance market is expanding rapidly, growing by approximately 18 percent in the past year alone. But this growth is not driven by reassurance; it is driven by risk.

Insurers are responding to rising claims by tightening requirements. Policies now routinely mandate multi-factor authentication, documented patching, tested backups, and formal security controls. Claims are increasingly denied when these basics are missing.

For many small businesses, cyber insurance is no longer a fallback option. It is a conditional agreement, one that demands demonstrable resilience.

A Quiet Crisis for Small Businesses

The emerging picture is clear. Cybercrime today is less about prestige targets and more about efficiency. Small businesses are not being targeted because they are insignificant, but because they are essential, and often underprepared.

The irony is that most successful attacks still rely on well-known weaknesses: poor access controls, unpatched systems, untested backups, and unchecked supplier risk. These are not failures of innovation, but of visibility and prioritisation.

As cybercrime continues to industrialise, the greatest risk for smaller organisations may not be the sophistication of attackers, but the assumption that they are unlikely to be noticed at all.


Callie Poston

I am the founder of Forever Callie Media, a content creation agency in Essex, England. My main focus is to make sure small independent businesses get professional marketing that makes them stand out from the crowd.

https://forevercallie.com