Half of all Ransomware Attacks This Year Targeted Small Businesses

Stu Sjouwerman | Nov 15, 2024

Ransomware Attacks TargetingNew data shows just how crippling ransomware has been on small businesses that have fallen victim to an attack and needed to pay the ransom.

Logic would normally dictate that ransomware gangs are going to go after the “big fishes” – the larger organizations with deep pockets.

But with the advent of the “as a service” model of ransomware, threat actors have found a niche, with many of them focusing on businesses with 1 to 50 employees.

According to Hornet Security’s Q3 2024 Ransomware Attacks Survey report, almost 56% of all the ransomware attacks impacted the small business. And small businesses aren’t prepared, as 1 in 5 paid the ransom to recover their data – that’s 22% higher than the average.

And what makes it even worse is the fact that 60% of the small business victims paid ransom amounts ranging between $10,000 and $100,000 – an extremely material amount of money for businesses with less than 50 employees.

So, if you’re in charge of cybersecurity at a small business, let’s run the numbers and figure out your odds based on the Hornet data.

You basically have a 1 in 8 chance of both being hit by ransomware and having to pay a hefty ransom. So, it makes sense that you need to invest in security awareness training to thwart off phishing attacks (the primary ransomware attack vector, according to Hornet’s data) and to keep the organization secure.

KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

Uncover Technical Blind Spots and Exfiltration Risks with Free BreachSim

Data exfiltration is a critical target for cybercriminals, yet most organizations fail to detect breaches internally. Run our 100% harmless BreachSim tool on Windows 10+ workstations to safely simulate over 12 realistic data exfiltration scenarios following the MITRE ATT&CK framework, pinpoint your infrastructure’s weaknesses, and get actionable results in minutes.

Launch Your Free Breach Simulation

Secure the Digital Workforce: Human + AI

KnowBe4 empowers the modern workforce to make smarter security decisions every day. Trusted by more than 70,000 organizations worldwide, KnowBe4 is the pioneer of digital workforce security, securing both AI agents and humans. The KnowBe4 Platform provides attack simulation and training, collaboration security, and agent security powered by AIDA (Artificial Intelligence Defense Agents) and a proprietary Risk Score. The platform leverages 15 years of behavioral data to combat advanced threats including social engineering, prompt injection, and shadow AI. By securing humans and agents, KnowBe4 leads the industry in workforce trust and defense.