No Business Is Too Small for a Ransomware Attack
Adrien Gendre
—April 29, 2021
—2 min read

A ransomware attack on a large business can result in a lucrative payday for a cybercriminal, but it also brings added challenges. From sophisticated cybersecurity software to large IT teams and security consultants, enterprises are equipped with the tools and resources to respond to a ransomware attack. SMBs, however, are not, and that’s why they’re such a promising target.
Why SMBs are vulnerable to a ransomware attack
Preparedness is everything in cybersecurity, yet a report by Infrascale revealed that 32 percent of SMBs say they don’t have the time or resources to research ransomware solutions, and 32 percent say their IT resources are stretched to the limit. To a cybercriminal, the conditions couldn’t be better.
Additionally, according to Infrascale, 73 percent of SMB victims admit to paying a ransom. This is an exceptionally high number and a strong motivator for cybercriminals. A ransomware payment, however, is the easy and inexpensive part.
According to Datto’s 2020 State of the Channel Ransomware report, the cost of downtime for an SMB reached $274,000 in 2020, a 94 percent increase from the previous year. Cyber insurance can cover the cost of a ransom payment, and this leads many SMBs to believe that they can recover quickly from an attack. Unfortunately, hackers don’t always deliver decryption keys as promised; when they do, they’re often useless. Finally, cyber insurance might not cover other business losses, including those associated with downtime.
Perception vs reality
According to Datto, only 30 percent of SMBs are concerned about ransomware, while 84 percent of MSPs are “very concerned.” This disconnect reveals that MSPs are facing an uphill battle to convince SMBs to take the ransomware threat seriously. Yet if an SMB client were to suffer a ransomware attack, the onus is on the MSP to mitigate the threat.
In 2020, MSPs were consumed with doing just that. Sixty percent of MSPs reported a ransomware attack against an SMB, and 11 percent reported multiple attacks in a single day, according to Datto. European and North American MSPs report more attacks than in any other region, with 85 percent and 77 percent respectively.
The challenge for MSPs
According to a survey by ConnectWise, 43 percent of SMBs outsourced their cybersecurity in 2020. With only 30 percent of SMBs being concerned about ransomware, MSPs and MSSPs must convince SMBs that they’re vulnerable. This, too, is a challenge.
Optimism bias is the psychological response that causes people to believe they’re more likely to experience good than bad outcomes. It’s known as the “illusion of invulnerability,” and it’s what leads SMBs to believe they’re not vulnerable to cyberattacks. In sales conversations, they raise these common objections when MSPs encourage them to invest in cybersecurity:
- We’re too small to be a target.
- Cybersecurity is too expensive.
- We have nothing that they want.
Convincing an SMB that they’re vulnerable to a ransomware attack is critical to preventing attacks. Without their buy-in on all fronts, the likelihood of stopping an attack is low. Technology is only one part of the equation. When a hacker breaks through a security layer, and they will, people must provide reinforcements.
From leadership to regular staff, all must recognize the potential of an attack and receive the training and support they need to be part of the solution rather than the problem. MSPs are therefore responsible not only for protecting their clients but also providing the necessary education and tools to raise cybersecurity awareness and maintain it at peak levels.
No business is too small for a ransomware attack. Cybersecurity, although not cheap, is cheaper than a successful ransomware attack. Finally, every business is a digital business, and data is a currency. For SMBs, believing they aren’t a target is the illusion of invulnerability that makes them both a highly vulnerable and easily penetrable target.