Email Security Blog

What Makes Small Businesses an Easy Target for Phishing?

America’s small businesses should be bracing themselves for a veritable cyber-shock, based on data from a recent survey of more than 2,000 small businesses. Why? Because even though annual cybercrime losses topped $4.2 billion in 2020, the majority of small business owners are unafraid and unprepared - making them easy targets for email phishing disasters.1,2 

Consider the following survey outcomes:2

  • 56% of American small business owners responding to the survey said they are not concerned that their business will be a victim of cybercrime in the next year.
  • Yet, only 22% are spending more on cybersecurity than they were a year ago
  • 59% are confident in their ability to resolve a cyberattack quickly
  • Yet, only 28% admitted to having an established set plan to respond to such an attack
  • 42% of small businesses have no security plan at all
  • 26% have cybersecurity insurance
  • Business owners under the age of 35 are more likely to have cyber insurance or spend on cybersecurity than their older counterparts

Certainly, American small businesses have a lot to worry about these days. The slow “rise from the ashes” following the pandemic was a miraculous feat for many. With all of their energies focused on rebuilding their companies, something as seemingly random as a phishing attack was not on the minds of everyone. And yet, the pandemic also provided the perfect opportunity for an escalation of phishing scams and threats. According to the FBIs’ Internet Complaint Center (IC3), “2020 saw the emergence of scams exploiting the COVID-19 pandemic. The increase in crimes reported in 2020 may have also been due in part to the pandemic driving more commerce and activities online. The latest numbers indicate 2021 may be another record year.”3 If crime volume is any indication, the IC3 stated that it took 7 years for the centre to log its first 1 million cybercrime complaints, and yet its most recent million-call milestone was reached in just 14 months.3

Don’t Hackers Prefer to Attack Big Businesses?

Phishing attacks, regardless of their scale, are not only targeting large enterprises. While the ransomware attacks on Colonial Pipeline and JBS prove there is big money in cybercrime, in the Senate Judiciary Committee meeting in July on the topic of Preventing and Responding to Ransomware Attacks, the larger worry was that small businesses are bearing the brunt of attacks – potentially 75% of the time.This spells additional trouble for small businesses, including those who have managed to dodge dangerous phishing attacks thus far.

It’s also key to note that there are numerous levels of cybercriminals. At the top of the food chain, you have large teams of highly experienced experts. Toward the bottom, you’ll find newcomers, including individuals who want to test their cyber hacking skills or even those who have purchased Hacker Tutorials from the dark web in order to launch their own criminal career. To them, small businesses make great targets for phishing attacks, especially the ones who are not protected.

What’s a Small Business to Do?

There are a handful of simple best practices all small businesses should implement right away if they are not already doing so. Keep in mind though, these are only best practices. They’ll help the situation but they won’t stop a phishing attack from blindsiding your business.

  1. Talk About It: Cyber attacks are growing in number and no company is safe. Cybersecurity must be a regular part of your business discussions. Begin with the next staff meeting.
  2. Create Policies: With a little research and contemplating, you can devise a set of cyber safety policies for your business. When you have, roll them out to every employee, make it part of initial training, and revisit them regularly with staff.
  3. Back-Up Your Files: This is especially true if your company stores large or sensitive data files – in the cloud or otherwise. Ransomware attacks seem to be a hacker favorite these days. Remediation costs for a company that had incurred a ransomware attack in 2019 were over $761,000. In 2020, the figure had more than doubled.5

Beyond Simple Best Practices to Phishing Prevention

To truly beat cybercriminals at their own game and prevent all types of sophisticated phishing emails from landing in your employees’ inboxes, you need to step up your cybersecurity game. Investing in the right technology in order to protect your company from phishing attacks is no longer something you should consider to be optional. INKY is the industry’s best solution for the security of your email. Cost-effective and powerful, INKY can be implemented quickly, regardless of whether your employees work at the office or remotely. INKY provides the most comprehensive malware/ransomware and email phishing protection available. It scans every sent and delivered email automatically and flags malicious emails, protecting your organization and your clients from even the most complex threats. INKY’s intelligent machine learning algorithms identify abnormalities in emails, even if the threat has never been seen before.

Schedule a demo or inquire today.


INKY® is the most effective hero in the war against phishing. An award-winning cloud-based email security solution, INKY® prevents the most complex phishing threats from disrupting or even immobilizing your company’s day-to-day business operations. Using computer vision, artificial intelligence, and machine learning, INKY® is the smartest investment you can make in the security of your organization. INKY® is a proud winner of the NYCx Cybersecurity Moonshot Challenge and a finalist in the 2020 RSAC Innovation Sandbox Competition. Learn more about INKY® or request an online demonstration today.


2Source: (CNBC | Momentive Q3 Small Business Survey)