Think You’re Too Small to Be Hacked? So did the Last 60%

Podcast
Written By News Desk

Let’s play a quick game.

Raise your hand if you’ve ever said: “We’re too small to be worth hacking.”

Now keep your hand up if your passwords are still “Password1” or the name of your dog.

Right. That’s the problem.

The Reality You Don’t Want to Hear

Cybercriminals don’t give a toss about your turnover. They’re not scrolling through Companies House deciding if you’re “worthy.”

They’re running automated scans looking for open doors. Old firewalls. Unpatched servers. Weak passwords. Out-of-date antivirus.

And when they find a weak spot, they don’t care if you’re Tesco or a two-person accountancy in Milton Keynes. They’re in.

That’s why 96% of cyberattacks target small businesses.

And it’s why 60% of those businesses never recover.

The Excuses That Don’t Work Anymore

Small business owners are masters of excuses when it comes to security:

  • “We don’t have anything worth stealing.”
    Really? Payroll records, client databases, and supplier contracts say otherwise.

  • “Our MSP looks after all that.”
    Do they? Or are they charging £20 per seat and leaving RDP open to the internet?

  • “We’re insured.”
    Try filing a claim without MFA or patching and see how quickly that premium turns into a rejection letter.

These aren’t excuses. They’re the plotlines of your future cyber disaster.

What It Actually Costs

Here’s what “too small to hack” looks like when reality hits:

  • A regional solicitor hit with ransomware. Locked out of every case file. Clients left in limbo. ICO investigation incoming.

  • A local school trust breached. Student data leaked. Parents furious. Trustees on the hook for negligence.

  • A manufacturing SME offline for two weeks. Orders cancelled. Clients gone. Recovery bill north of £75,000.

None of them thought they’d be targets. All of them thought wrong.

The Human Factor (AKA: Where Things Really Fall Apart)

Technology isn’t usually what fails first. It’s people.

  • The accounts clerk who clicked “open invoice.”

  • The director who approved a fake transfer while on holiday.

  • The intern who reused their Netflix password for the HR portal.

Hackers love people because people are predictable. They panic. They cut corners. They ignore training.

Which is why security awareness is as essential as backups. If your people aren’t trained, you’re already compromised.

What Actually Works

The silver lining? Protecting yourself isn’t rocket science.

  • Cyber Essentials. Five controls that block 95% of attacks.

  • MFA everywhere. If you can log in with just a password, you’re doing it wrong.

  • Patch your systems. If it’s out of date, it’s vulnerable. End of story.

  • Train your people. Because technology won’t save you from a bored employee clicking on a phishing link.

This isn’t optional anymore. It’s survival.

A Simple Story

I worked with a small business recently who had the classic line: “We’re too small to be interesting.”

Two weeks later, they were locked out of their systems by ransomware. Payroll frozen. Clients furious. Directors panicking.

What saved them? Not luck. They’d already invested in proper backups, tested recovery, and staff training. They still lost time and money, but they didn’t lose the company.

They survived because they stopped telling themselves fairy tales and started acting like a target.

Final Thought

So, are you too small to be hacked?

No. You’re exactly the size hackers love.

The only real question is whether you’ll be ready when it happens.

Because denial isn’t a defence. And hope, as I’ve said before, isn’t a strategy.

News Desk
Next

Why Small Businesses Must Rethink Cybersecurity NOW (Before It’s Too Late)