Ransomware Attacks Continue to Rise Among Small and Mid-Size Businesses

Posted on June 04, 2024 by Brandon Bowers

According to the latest industry reports, ransomware attacks surged in 2023, accounting for nearly one-quarter of all data breaches and costing businesses worldwide an average of $5.13 million.[1] More alarming still, businesses’ security teams detected only 33 percent of all ransomware breaches, whereas 27 percent were disclosed by the attackers, and 40 percent were uncovered by a third party, such as law enforcement or their security provider.[2] As criminals multiply and find new ways to exploit vulnerabilities, businesses of all sizes must proactively protect their data across multiple environments and educate their employees to minimize the risk of financial and reputational damage that can result from an attack.

What is Ransomware?

With a ransomware attack, criminals infiltrate and take control of a business’s systems and network and hold its data hostage, bringing all operations to an immediate halt. They then demand victims pay a ransom to allow them to regain access to their files and all the sensitive information they contain. However, there are no guarantees that the attackers will not destroy victims’ files or leak them on the dark web, causing victims irreparable damage, including significant time and expense to recreate their data. For example, it typically takes victims more than 300 days to identify and control a ransomware attack, which generally costs victims 28 percent more than breaches uncovered internally. These costs are one reason why ransomware attacks are particularly damaging to small businesses, 60 percent of which are forced to go out of business within six months following a breach.

Protecting Against Ransomware Attacks

One of the first steps small- and mid-size businesses should take to protect themselves against ransomware attacks is understanding how these scams begin. Countless studies have found that the most common ways criminals access victims’ systems are 1) phishing scams, in which users are tricked into clicking on malicious links or attachments contained in emails, and 2) stolen or compromised credentials, such as users’ login names and passwords. However, there are several strategies businesses and nonprofits can employ to minimize these risks, starting with the following:

Establish Smart Policies

Educate Employees

Maintain a Strong Defense

Employ a multi-layered approach to your cybersecurity program, ensuring your strategies protect your most critical information system assets across various environments.

About the Author: Brandon Bowers is director of Managed Cyber Security Solutions with Berkowitz Pollack Brant Advisors + CPAs, where he provides businesses, professional services firms and family offices with business continuity and recovery, cybersecurity and fully outsourced help desk services. He can be reached at the CPA firm’s Ft. Lauderdale, Fla., office at (954) 712-7000 or


[1] IBM’s 2023 Cost of Data Breach Report

[2] IBM’s 2023 Threat Intelligence Index