Malware Attacks on Small Business: What You Need to Know for Insurance

In 2017, a now famous ransomware attack took place over the course of four days. Dubbed WannaCry or Wanna Decryptor, the ransomware attack locked users out of their systems until they paid a ransom of $300 via Bitcoin. If the ransom wasn’t paid quickly enough, the price doubled and after a week, the data stored on the computer was lost forever.

One of the truly upsetting aspects of this particular malware is that it was created by the N.S.A. Unfortunately, it was manipulated and used to lock people and businesses out of critical data on their computers — unless they were willing to pay the ransom to restore their systems.

One incident reported on in The Intercept discussed hospitals across England that were affected by cyber attacks so profound they were encouraging residents to seek medical care ONLY in the event of emergencies. The England attacks affected a huge swath of systems causing issues with X-ray imaging, pathology results, phone systems, and more.

The NY Times also reported that the attack crippled Russia’s Interior Ministry computers as well. Initial reports said that Russia was the hardest hit by the attack, but that it also spread to other countries and regions, including Taiwan, Latin America, Ukraine, India, and Africa.

The New York Times reported that the attack affected 200,000 computers in more than 150 countries around the world. The attacks specifically targeted Windows machines, but the attack was taken as a lesson that it is important for computer users with all operating systems to protect themselves against increasingly bold and aggressive cyber attacks, including hacking, malware, and ransomware.

How Does Malware Affect Business?

Malware attacks on small business is often considered nothing more than an annoyance at first. In the case of ransomware, businesses that pay the “ransom” are out the money for that investment — at the very least. But, there are other costs involved in a malware attack that businesses need to consider. Costs you can’t afford to ignore.

Business Disruption

In the case of the hospitals affected by the ransomware attacks, the costs could be catastrophic because they were forced to turn away non-essential procedures and patients. How much would it disrupt your business if you were forced to operate without the data stored on your computer systems for one hour, one day, or forever? That doesn’t even take into account resources and personnel that are diverted to tackle the problem.

Financial Costs

On top of all a disruption in operations, your business could be forced to pay damages to employees and customers who have had their personal and financial data revealed during a cyber attack. This is in addition to financial losses resulting from the business disruption, loss of information, and other things the attack is directly responsible for. Don’t forget the costs of bolstering your computer systems to guard against future attacks, too.

Many times customers will turn to the law and court system to help them recover from financial losses or other damages that occurred as a result of their information coming to light during a cyber attack.

Loss of Customer Information

If you’re like most businesses, you have a lot of customer information on your computers. This information can be stolen and used to harm the customers you serve — people whose information you’re responsible for safeguarding.

Loss of Reputation

Because you are responsible for protecting personal and financial information relating to your customers — including information that is considered confidential or protected — your reputation will certainly take a hit when you prove unable to do so because of a targeted attack or hack against your business. This loss of reputation has a trickle down effect, as existing customers depart your company for another one who hasn’t had a malware attack or cyber breach and potential customers steer clear of your business.

Many small business owners feel they are too small for hackers and malware operators to target. This is not true at all. While the big targets like Sony, Target, and Home Depot are certainly attractive to experienced hackers, they all get that experience by cutting their teeth on individuals and smaller organizations.

How Does Malware Affect Individuals?

Credit card numbers, other banking account information, usernames, passwords, health records, and other sensitive information obtained and used maliciously by criminals can quickly not only create stress for affected individuals, but also financial hardship.

Who Is at Risk?

While all businesses are at risk for a malware or ransomware attack, there are industries that are more prone. According to BitSight, these include:


Hackers after fast cash know hospitals and healthcare facilities are good targets. If they can hack into the system, which is easier to do because healthcare systems are rarely offline, they can virtually stop operations. Because this can have dire consequences, especially in an emergency healthcare setting, hackers are more likely to get the ransom they demand.

Over the weekend of July 14, 2018, hackers were able to successfully breach LabCorp’s network, a North Carolina-based clinical laboratory. The records of their 115 million patients per year were potentially reached by the hackers. The lab was forced to shut down normal operations and took several days to secure the system.


BitSight found that education has the highest rate of ransomware attacks. The likely reason behind this is because staff has little control over every device on their network. A student with an infected tablet can compromise an entire system.

On April 11, 2018, the Long Beach City College was on the receiving end of a malware attack that took several of their systems offline. Some of these systems included their voicemail, financial services, and faculty and staff email. Luckily, the IT staff was able to work quickly and secure the system. No personal information was breached but the frustration and extra man hours still had a price.


If a hacker wants to go big, they go after the government. While they’re less likely to hack into large government bodies, getting into the smaller ones can cause plenty of damage.

In March of 2018, a ransomware attack brought the Atlanta, Georgia government to a screeching halt. Residents were unable to pay utility bills, government provided Wi-Fi in areas like the airport did not work, and government employees had their hands tied. A ransom of $51,000 was demanded. The city has not clarified whether they paid the ransom or not but it has been reported that the city has spent more than $2.6 million in an effort to erase the damage caused by the attack.

Energy and Utilities

Hackers who want to cause chaos focus on targeting this industry. With the control to take out entire power grids, hackers can demand quite the payout. Like the healthcare industry, these systems are rarely offline, making them more susceptible to successful attacks.

In 2016, an electric and water utility in Michigan was forced to shut down all of their corporate IT systems as a result of a ransomware attack. Customers were unable to report power outages online but there were no interruptions to regular service. The company did not go public with a ransom amount or if they paid it.

Does your business not fit into any of these categories? Don’t rule your small business out just yet. 58% of malware attack victims are categorized as small businesses, and these can be found in any industry. If you’re online, you’re vulnerable. Cyber attacks are costing companies more than $15 million per year and they’re getting harder to fight. So, if we can’t win the war, we can at least go to battle with the best armor possible.

Protect Yourself and Your Business with Cyber Liability Insurance

Computer hacks, malware attacks, and ransomware are all bad news for individuals, small businesses, and large corporations alike. While it would be nice if you had millions to invest in protecting your data and a team of cyber experts working to protect your systems, most people simply cannot afford that.

Which is why it is so important to protect yourself and your business from cyber exposures with insurance protection designed to do just that. Call today to learn more about our insurance solutions and how they help ease the damage caused by malware attacks on small business.

Protect yourself, your business and its customers and employees by taking steps now to reduce your cyber exposure and risks. For a complimentary consultation of your cyber liability risks and to learn more about how to reduce them, including being protected with cyber liability insurance in NYC, fill out our form.

More articles:

Go to blog