SMBs Hike Prices After Cyberattacks: The “Cyber Tax”
▼ Summary
– A vast majority (81%) of US small businesses experienced a data or security breach in the past year, with 38% raising prices as a direct result.
– The report frames these breach-related costs as a “hidden cyber tax” that fuels inflation and disproportionately burdens small businesses, harming the national economy.
– AI-powered attacks were blamed by 41% of breached businesses, as AI enables hyper-realistic phishing, deepfakes, and malware that mimic insider threats.
– A “dangerous disconnect” exists where business leaders’ confidence in their cyber-resilience fell sharply, yet adoption of key controls like multi-factor authentication also declined.
– The ITRC calls for new public policy initiatives to help small businesses and advises them to focus on people, processes, and technology to counter AI-driven threats.
A significant number of American small businesses experienced a security or data breach in the last year, with a notable portion responding by raising prices for their customers. This trend, highlighted in a recent industry study, reveals a hidden cost being passed along to consumers, effectively creating a “cyber tax” that fuels broader economic inflation. The financial aftermath of these incidents forces many small companies into a difficult position, often choosing between maintaining affordable pricing and funding essential cybersecurity defenses.
The study’s findings indicate that an overwhelming majority, 81% of small businesses surveyed, dealt with some form of breach. Among those affected, 38% reported increasing their prices as a direct result. This decision underscores the substantial financial impact of cyber incidents, which include recovery costs, regulatory fines, and lost revenue. For smaller enterprises with limited budgets, these expenses are particularly burdensome and frequently get absorbed into the cost of doing business, ultimately affecting the end consumer.
Leadership at the organization behind the report emphasized the macroeconomic implications. They described this dynamic as an unfair burden that hampers economic growth and stability. Small businesses are critical for job creation and community support, yet they operate at a severe disadvantage against sophisticated cyber threats. The current environment demands greater attention from policymakers to develop supportive frameworks that can help level the playing field and protect the broader economy.
When examining the causes of these breaches, AI-powered attacks were cited by 41% of the affected businesses as a primary factor. This emerging threat leverages artificial intelligence to craft highly convincing phishing messages, create deepfake media for fraud schemes, and develop adaptive malware. The technology essentially allows external attackers to mimic the insider knowledge that has traditionally been a key advantage for malicious employees, enabling scams to be executed with alarming precision and scale.
The report also uncovered a concerning gap between executive confidence and actual security practices. While the percentage of business leaders feeling “very prepared” for an attack dropped significantly, the adoption of fundamental security measures declined in parallel. Implementation of multi-factor authentication (MFA) saw a notable decrease, and overall investment in new security tools fell. This disconnect suggests that while awareness of the threat is growing, practical investment and procedural follow-through are not keeping pace.
To combat the rising tide of AI-driven threats, experts recommend a balanced strategy focusing on three core areas: people, process, and technology. Strengthening human defenses through continuous security awareness training is essential, as many attacks still rely on human error. Organizations must also review and fortify internal processes for incident response and access control. Finally, investing in updated technological solutions, even incrementally, can provide critical layers of defense against increasingly automated and intelligent cyber campaigns.
(Source: InfoSecurity Magazine)
