How ‘Small’ Is a ‘Small Business’, and does this mean we have a ‘Bigger’ cybersecurity problem than we thought?

As I was preparing to moderate a panel for SecureWorld Chicago last month that focused on the cybersecurity challenges facing small and medium businesses (SMBs) today (a topic near and dear to my heart, as it’s the reason why Malcom Risk Advisors was formed), I admittedly learned some things I previously wasn’t aware of (one of the benefits that comes with never being the smartest person in the room). Because these simple facts resulted in my recognition that the problem I’m trying to solve is much larger than I realized, I thought they would be worth sharing with my faithful readers.

I knocked over my Gatorade about 5 minutes after we started and couldn’t reach it the rest of the session :( Also, I don’t know why there was ‘caution’ tape separating me from the rest of the panel. I felt kind of like a zoo animal.

First, I’ll share what was probably the most straightforward, but also what I found to be the most surprising, statistic of them all. According to the US Small Business Administration (SBA), approximately 99.9% of businesses in the United States are considered a ‘small business’. The SBA defines a ‘small business’ as one that 1) employs fewer than 500 employees (for most industries), or 2) meets certain revenue limits, which vary by industry.

Here is a breakdown of US businesses by size category, based on data from the US Census Bureau and the US SBA:

Breakdown of US Businesses by Size Category

Wait...Microbusiness? Nonemployer firms? How does this change the game?

I read one report from the US Small Business Administration, and my target market just turned into 99.9% of all businesses in the US (I’m going to need some help here, folks). Seriously though, this is an extremely concerning graphic when you consider that every statistic that I’ve shared with you previously or any that you’ve read that relate to security challenges facing Small and Medium Businesses APPLIES TO NINETY-NINE POINT NINE PERCENT OF ALL BUSINESSES IN THE US. Let’s go through some of the greatest hits of SMB cybersecurity statistics once again:

  • 75% of small businesses have experienced at least one cyber attack in the past year

  • 60% of small businesses that undergo a cyber attack go out of business within six months

  • The average cost of a data breach impacting a small business in 2025 is estimated to be $120,000

  • 50% of small business owners believe they are not a target for cyber criminals

  • On average, small businesses spend less than 5% of their annual IT budget on cybersecurity

Each of these statistics alarmed me when I first saw them, but when you read them with the lens of knowing they apply to 99.9% of all businesses in the US, that hits even harder. Listen, I know security is not glamorous. It may not directly increase your revenues. But do you really want to deal with the consequences that accompany being one of the 75% of small businesses that undergo a cyber attack this year? Or worse, do you want to be one of the 60% that goes out of business due to a cyber attack? Doesn’t each of these bullet points make you reconsider whether cybersecurity is an investment worth more than 5% of your total IT budget? And I’m no longer directing these questions to a ‘niche’ market... I’m talking to 99.9% of all businesses in the US.

Cybersecurity is a complex topic for anyone, and as a business owner myself, I can understand why it might not be a topic high on your to-do list as you are struggling to become or stay profitable. But that’s what I’m here for and it’s why I started this company. Cybersecurity no longer needs to be daunting to you. I won’t throw a bunch of confusing jargon and buzzwords at you. I want to de-mystify this topic by explaining the actual impact a cybersecurity attack can have on your business. I will propose a solution that mitigates the cybersecurity risks most relevant to your business, ensuring that your investment in cybersecurity is maximized.

I’m using my years of experience in designing and implementing the cybersecurity capabilities possessed by the .1% of large businesses to design solutions that make these same capabilities available and affordable to the other 99.9% of businesses. No matter what industry you are in, please don’t think you aren’t a target. Reach out and let’s discuss how Malcom Risk Advisors can make cybersecurity one less thing your business has to worry about.
