Is Your Business a Target for Cybercrime? Warning Signs, Real Costs, and What Most Companies Get Wrong

Cybercrime is not a matter of “if” but “when” for most businesses. And despite what you might assume, the biggest companies are not the biggest targets. Small and medium-sized businesses account for 43% of all cyberattacks, and 76% of U.S. SMBs have been targeted in recent years, according to the Ponemon Institute. Attackers go after smaller companies precisely because they have valuable data and fewer resources to defend it.

Cybersecurity Ventures has called cybercrime “the greatest transfer of economic wealth in history”, and the numbers back it up. Global cybercrime costs have surged from $3 trillion in 2015 to a projected $10.5 trillion annually, growing at roughly 15% per year. That is more profitable than the global trade in all illegal drugs combined.

Here are the signs your business is a target for cybercrime, the real costs, and what you can do about it.

Table of Contents

• The 7 Warning Signs of Common Cyberattacks
• What Do Hackers Want From Your Organization?
• Why They Target Businesses Like Yours
• The “Too Small to Hack” Myth
• The Real Cost of Cyber Attacks
• Real-World Breaches That Prove No One Is Safe
• The Cybersecurity Challenges Every CEO Needs to Face
• Common Cybersecurity Mistakes That Leave Businesses Exposed
• Would Your Organization Survive?
• Frequently Asked Questions
• Take Action Before It Is Too Late

The 7 Warning Signs of Common Cyberattacks

1. Increased Phishing Attempts Targeting Your Employees

A spike in sophisticated phishing emails is one of the earliest and clearest red flags. More than 90% of all data breaches begin with a phishing email, according to Cofense, and cybercriminals are getting better at making them convincing. Pretexting attacks, where an attacker invents a believable scenario to trick someone into handing over credentials or transferring funds, have doubled in recent years, according to Verizon’s Data Breach Investigations Report.

This is not just about the obvious “Nigerian prince” emails anymore. Modern phishing scams look like a request from your CEO to wire money to a vendor, a fake password reset from Microsoft 365, or an email from “HR” with an attachment about benefits changes. In one widely reported case, an east coast town lost $445,000 to an email scam where an attacker impersonated a vendor and redirected a legitimate payment. Businesses have had employees’ paychecks redirected after someone fell for a spoofed email asking them to update their direct deposit information.

When phishing attempts spike, tighten your email filters, run targeted awareness training, and remind your team: if something feels off, pick up the phone and verify before clicking. For organizations across the Chicagoland area, working with a cybersecurity services provider that includes email filtering and phishing simulation makes this kind of rapid response far more manageable.

2. Unusual Network Activity

Unexplained traffic spikes, sluggish performance, frequent system crashes, or unauthorized access attempts are all signs that something may be wrong. Cybercriminals often spend days or weeks inside a network before launching their actual attack, probing systems, escalating privileges, and mapping your data before you even know they are there. Attackers frequently seek to gain access to administrative accounts, which enables them to control critical systems and impersonate leaders, significantly increasing the risk of internal manipulation and fraud.

Organizations that detect and contain a breach within 30 days save more than $1 million compared to those that take longer, according to IBM. Intrusion detection systems, network monitoring, and regular log reviews are not optional anymore, they are how you catch an attacker in the reconnaissance phase before they do real damage.

3. Compromised Employee Accounts

Suspicious activity on employee accounts, failed login attempts from unfamiliar locations, logins at unusual hours, or accounts suddenly accessing data they normally would not touch, can indicate that credentials have been stolen. There are an estimated 8.4 billion stolen credentials circulating on the dark web right now. Proactive dark web monitoring can alert you when your organization’s credentials appear on criminal marketplaces, often before attackers use them. If even one of your employees reuses a password that was exposed in another breach, an attacker may already have a key to your front door.

Enforce multi-factor authentication everywhere. Not just email, every system, every application, every remote access point. Only an estimated 57% of businesses currently use MFA, which means 43% are leaving the door unlocked.

4. Data Breaches in Your Industry or Among Competitors

Cybercriminals often target specific industries and reuse the same tactics across similar organizations. If your competitors or businesses in your sector have recently been breached, your risk just went up significantly. Attackers know that companies in the same industry tend to use the same software, follow similar processes, and have similar vulnerabilities.

Healthcare, manufacturing, and financial services are consistently among the most targeted sectors. If you operate in any of these spaces, the question is not whether attackers are interested in your data, it is whether your defenses are strong enough to stop them.

5. Weak or Outdated Security Infrastructure

Unpatched systems, outdated software, end-of-life hardware, and missing security tools make your business an easy mark. According to the Ponemon Institute, sixty percent of breaches in recent years have been traced back to unpatched vulnerabilities, problems that had known fixes available but were never applied. Only 38% of small businesses regularly update their software, according to industry surveys.

Legacy systems are a particular risk. They often cannot support modern security tools, and migrating away from them is expensive and disruptive, which is exactly why so many businesses put it off. But attackers know this too, and they specifically look for organizations running outdated systems.

This goes beyond just servers and workstations. IoT devices, HVAC systems, security cameras, smart building controls, are connected to your network and are often running firmware that has never been updated. These devices can serve as entry points for malicious software, allowing attackers to move laterally into your core systems.

6. Social Engineering Beyond Email

Phishing gets the most attention, but it is not the only way attackers manipulate people. Social engineering includes fake IT support calls, impersonation of vendors or executives, physical tailgating into secure areas, and even dumpster diving for sensitive documents. Kevin Mitnick, one of the most famous hackers in history, built his career almost entirely on social engineering, calling into companies, impersonating employees, and talking his way into systems without writing a single line of code. At security conferences, he demonstrated how easy it was to compromise an email account or clone an ID badge in real time.

Ninety-five percent of all data breaches involve human error, according to IBM. Train your people to verify requests through a second channel, question anything unusual, and report suspicious interactions immediately, not just suspicious emails.

7. Publicly Available Sensitive/Financial Information

If sensitive business information, customer lists, financial records, internal documents, employee data, is exposed online through misconfigured cloud storage, unsecured websites, or simple employee negligence, you have painted a target on your back. Cybercriminals actively scan for these exposures.

But it is not just publicly exposed data that puts you at risk. Simply storing sensitive data makes you a target, healthcare records, Social Security numbers, credit card numbers, bank routing numbers, driver’s license numbers, and EINs all have value on the dark web. Over 530,000 Zoom accounts were found for sale on the dark web during the pandemic, according to BleepingComputer, harvested through credential stuffing attacks. Regularly audit your online footprint, enforce strict data-handling policies, and make sure cloud storage permissions are reviewed at least quarterly.

What Do Hackers Want From Your Organization?

Understanding what attackers are after helps you understand why your business is a target, even if you do not think you have anything worth stealing.

Hackers want data. Specifically, they want email addresses, Social Security numbers, financial information, trade secrets, customer databases, and login credentials. What they do with that data depends on the attacker, but it typically falls into a few categories.

Selling it to competitors. Corporate espionage is real. Stolen client lists, pricing strategies, and proprietary processes have direct value to competitors willing to pay for them.

Holding it hostage. Ransomware attacks encrypt your data, disrupt operations, and threaten to publish sensitive files unless you pay. Change Healthcare paid $22 million in Bitcoin after a ransomware attack that compromised 145 million patient records, and the payment set a dangerous precedent that told criminals healthcare organizations will pay. For a deeper look at how ransomware works and how to defend against it, see our ransomware guide.

Identity theft. Stolen information like Social Security numbers is used to open bank accounts, apply for government benefits, take out loans, and file fraudulent tax returns, all in your employees’ or customers’ names.

Selling credentials on the dark web. Stolen data, contact information, email-password combinations, and financial records, is sold in bulk to other criminals who use them for further attacks. There are an estimated 8.4 billion stolen credentials available on the dark web.

Stealing money directly. Compromised bank account credentials and credit card numbers translate immediately into cash. Business email compromise scams alone cost organizations billions of dollars annually.

Why They Target Businesses Like Yours

Why would a hacker want to attack an organization like yours? What motivates cybercriminals is simpler than most people think: money, revenge, and ego.

The vast majority, 86%, according to the Verizon DBIR, are financially motivated. They are running a business, and your data is their product. According to IBM’s 2024 Cost of a Data Breach Report, the average cost of a data breach is $4.88 million globally and $9.36 million in the United States. Criminal organizations like DarkSide made $90 million in Bitcoin before shutting down. These are not lone hackers in basements. They are organized operations with customer support, affiliate programs, and profit margins.

Some attacks are driven by revenge, disgruntled former employees who still have access to systems, contractors who feel they were treated unfairly, or insiders who sell credentials to external attackers. The insider threat is real: 94% of organizations have experienced an insider data breach, according to the Ponemon Institute.

And some do it for the challenge. Kevin Mitnick famously said he hacked systems “to prove he could.” While ego-driven hackers may not be after your money directly, the damage they cause to your systems, reputation, and operations is just as real.

The “Too Small to Hack” Myth

If you have ever thought your business is too small to attract hackers, you are in the majority, and you are wrong. A CNBC/Momentive survey found that 56% of small business owners are not concerned about being targeted by cyberattacks. Meanwhile, 61% of SMBs experienced at least one cyberattack in the past year, according to Verizon.

The gap between confidence and reality is staggering. Only 28% of SMBs have an incident response plan, according to the Ponemon Institute. Fourteen percent have no cybersecurity plan at all. And 43% of small businesses have zero cybersecurity solutions in place, according to a ConnectWise survey, no antivirus, no monitoring, no firewall beyond what came with the router.

This is exactly why attackers target SMBs. Large enterprises spend an average of $9 million annually on cybersecurity, according to Deloitte. Small businesses cannot match that same level of investment. Attackers know this and view SMBs as low-hanging fruit, less effort to breach, and still plenty of valuable data to steal.

The Real Cost of Cyber Attacks

The cost of cyberattacks is higher than most business owners realize, and the costs go far beyond the immediate incident and can cause significant damage to your bottom line.

The average data breach costs $4.88 million globally, a 10% increase from the year before, according to IBM. For small and mid-sized businesses specifically, breach costs range from $120,000 to $1.24 million, according to the Ponemon Institute. At a global scale, cybercrime costs an estimated $11.4 million every single minute, according to Cybersecurity Ventures.

But the total number obscures where the money actually goes. The real cost of a breach breaks down into several categories:

• Lost productivity while systems are offline, 40% of attacked SMBs experience 8 or more hours of downtime (Cisco/National Center for the Middle Market)
• Investigation costs to determine what happened and prevent it from happening again
• Data repair and recovery
• Legal exposure and regulatory fines, Home Depot paid $134.5 million to banks and $19.5 million to victims after their 2013 breach
• Reputation management, the long, expensive work of rebuilding customer trust after their data has been compromised

And 83% of small businesses are financially unprepared to recover from a cyberattack, according to the Insurance Information Institute. According to widely cited research from the National Cyber Security Alliance, an estimated 60% of small businesses that suffer a major breach close their doors within six months.

Real-World Breaches That Prove No One Is Safe

The biggest data breaches of 2024 affected billions of people and some of the most recognizable brands in the world.

National Public Data lost 2.7 billion records, including Social Security numbers that ended up on the dark web. Ticketmaster exposed 560 million customers‘ names, email addresses, and payment information. Change Healthcare suffered the largest healthcare breach in history, compromising 145 million patient records and forcing the company to pay a $22 million ransom, while patients lost access to prescriptions and life-saving care because billing systems went offline. AT&T had 73 million customer records exposed. Dell lost 49 million records.

These are massive companies with dedicated security teams and substantial budgets. If they can be breached, any business can.

And it is not just the giants. Target’s 2013 breach started through a compromised HVAC vendor. An east coast town lost $445,000 to an email scam. The MGM Hotels breach in 2021 started with a social engineering phone call. Equifax, Uber, Sony, the list keeps growing. Attackers do not discriminate by company size. They discriminate by vulnerability.

The Cybersecurity Challenges Every CEO Needs to Face

According to PwC, seventy percent of business executives say they feel cyber risks are increasing, and they are right. But feeling the risk and doing something about it are two different things. Here are the challenges that keep showing up at the leadership level.

The human factor. Ninety-five percent of data breaches involve human error (IBM), and only 5% of company folders are properly protected, according to Varonis. You can buy every security tool on the market and still get breached if your people are not trained. Employee education is not a one-time event, it is an ongoing program that needs to be updated as threats evolve.

The insurance gap. Many companies assume their general business or property insurance covers cyberattacks. It almost certainly does not. Cyber insurance is a separate product with its own requirements, and many policies have exclusions that business owners do not discover until they file a claim.

The budget squeeze. Only 51% of small businesses allocate any budget to cybersecurity, according to an UpCity survey. The pandemic forced many organizations to cut costs, and cybersecurity budgets were often the first to shrink, right when remote work was expanding the attack surface. Healthcare organizations, for example, spend an average of just 7% of their IT budget on cybersecurity, according to a Gartner analysis.

The insider risk. Ninety-four percent of organizations have experienced an insider data breach, according to the Ponemon Institute. This is not always malicious, it includes employees accidentally sending sensitive data to the wrong person, falling for phishing, or using weak passwords. But disgruntled former employees with unrevoked access are a real and growing threat.

Common Cybersecurity Mistakes That Leave Businesses Exposed

Most breaches are not the result of sophisticated zero-day exploits. They are the result of avoidable mistakes.

Relying on a single IT person with a reactive approach. Waiting until something breaks to fix it is not a cybersecurity strategy. Threats are constant and evolving. A reactive approach means you are always responding to damage rather than preventing it. This is one of the primary reasons businesses partner with a Chicago managed IT services provider, to get the proactive measures, monitoring, patching, and threat detection, that a single in-house resource cannot maintain alone.

Assuming default security is enough. Many businesses rely on whatever security came built into their operating system, like Windows Security, without layering on dedicated antivirus software, endpoint detection, network monitoring, or email filtering. Default security tools are a starting point, not a solution.

Failing to train employees regularly. A single annual training session is not enough. Ninety percent of cybercrimes start with a spear-phishing email (PhishMe), and attackers constantly change their tactics. Training needs to be ongoing, specific, and reinforced with simulated attacks.

Not deploying multi-factor authentication. MFA blocks the vast majority of credential-based attacks, yet 43% of businesses still do not use it. If you implement one security improvement tomorrow, make it MFA on every account and every system.

Not keeping software updated. Only 38% of small businesses regularly update their software. Every unpatched vulnerability is an open invitation. Automated patching should be standard practice, not an afterthought.

Would Your Organization Survive?

This is the question every business owner needs to ask honestly.

An estimated 60% of small businesses that suffer a major cyberattack close within six months. Eighty-three percent are financially unprepared to recover. Forty percent of businesses that are attacked experience more than eight hours of downtime, and for many, that downtime cascades into lost customers, failed deliveries, missed deadlines, and broken trust, threatening business continuity itself.

The FBI has reported a 400% spike in cyberattack reports since the start of the COVID-19 pandemic.

Remote work expanded the attack surface dramatically, 88% of U.S. security professionals say attacks increased with the shift to remote work (Deloitte), and 89% of organizations experienced a cyberattack directly linked to COVID-era changes (Anomali). Unsecured remote desktop connections jumped 40% during the pandemic (McAfee), and 978,000 new malware threats are released every single day, according to the AV-TEST Institute.

The threat is not theoretical. It is here, it is growing, and it does not care how big or small your business is. The only question is whether you are prepared.

Frequently Asked Questions

What are the most common signs that a business is being targeted by cybercriminals? The most common early warning signs are a spike in phishing emails targeting your employees, unusual network activity like traffic spikes or unauthorized access attempts, failed login attempts from unfamiliar locations, and data breaches affecting companies in your industry. If you notice any of these, it is time to review your security posture immediately.

What do hackers actually want from small businesses? Hackers want data, email addresses, Social Security numbers, financial records, customer databases, and login credentials. They use this data to commit identity theft, sell it on the dark web, hold it for ransom, or steal money directly. Even small businesses store data that has significant value to attackers.

Is my business really too small to be targeted by cyberattacks? No. Forty-three percent of cyberattacks target small businesses, and 76% of U.S. SMBs have been targeted in recent years. Attackers specifically target smaller organizations because they tend to have weaker security than large enterprises while still holding valuable data.

How much does a cyberattack cost a small business? For small and mid-sized businesses, breach costs typically range from $120,000 to $1.24 million. This includes lost productivity, investigation costs, legal exposure, data recovery, and reputation damage. An estimated 60% of small businesses that suffer a major breach close within six months.

What are the biggest cybersecurity mistakes small businesses make? The most common mistakes are relying on a reactive approach instead of proactive monitoring, assuming built-in security tools are sufficient, failing to train employees regularly, not implementing multi-factor authentication, and not keeping software updated. Ninety-five percent of breaches involve human error.

What is the difference between phishing and social engineering? Phishing is one type of social engineering, specifically, it uses email to trick people into clicking malicious links or providing credentials. Social engineering is the broader category that includes phone-based scams, impersonation of vendors or executives, physical tailgating into buildings, and any tactic that manipulates human trust rather than exploiting technical vulnerabilities.

Why are cyberattacks increasing? Cybercrime is increasing because it is extremely profitable, increasingly automated, and hard to prosecute across international borders. The shift to remote work expanded the attack surface, and many businesses cut cybersecurity budgets during the pandemic. Nation-state groups have also entered the cybercrime space, adding government-level resources and persistence to the threat landscape.

How can I protect my business from cyberattacks? Start with the fundamentals: deploy multi-factor authentication on every system, keep all software patched and updated, train employees regularly on phishing and social engineering, implement network monitoring and intrusion detection, maintain tested backups, and have an incident response plan. For most businesses with 25 to 250 users, partnering with a managed IT services provider is the most cost-effective way to maintain comprehensive protection.

What should I do if I think my business has been breached? Isolate affected systems immediately, contact your IT security provider or incident response team, preserve evidence for investigation, notify affected parties as required by law, and report the incident to the FBI’s Internet Crime Complaint Center (IC3). Do not try to handle a breach internally without professional support, the first hours of response are critical and mistakes can make the damage significantly worse.

Take Action Before It Is Too Late

If even one of these signs sounds familiar, your business may already be in a cybercriminal’s sights. Most attacks do not start with a bang, they start with a click, a weak password, or a system nobody has looked at in months.

At LeadingIT, we help Chicagoland businesses lock down their systems and stay ahead of emerging threats before they become headlines. LeadingIT is a cyber-resilient technology and cybersecurity services provider. With our concierge support model, we provide customized solutions to meet the unique needs of nonprofits, schools, manufacturers, accounting firms, government agencies, and law offices with 25–250 users across the Chicagoland area. Our team of experts solves the unsolvable while helping our clients leverage technology to achieve their business goals, ensuring the highest level of security and reliability. Call us at 815-788-6041 or book a free assessment today.