Cyberattacks Force 38% of Small Businesses to Raise Prices
The Identity Theft Resource Center found 81% of small and mid-sized firms were breached last year; 38% raised prices and more than half reported losses over $250,000.
Nearly 40% of small- and mid-sized businesses raised customer prices after suffering cyberattacks, the Identity Theft Resource Center reports. The center found 81% of those firms experienced a breach, a security incident, or both in the past 12 months. More than half of affected firms reported financial losses exceeding $250,000.
The findings come from the center’s latest survey of small and medium enterprises conducted to measure breach frequency and cost over the previous year. For the first time, the center reports that 38% of respondents increased prices to cover recovery and remediation expenses. The organization labels the added expense a “cyber tax,” meaning firms pass breach-related costs to their customers rather than the fee representing any formal government levy.
The report compares typical business losses to household savings. The U.S. Federal Reserve’s latest data shows the median American family holds about $8,000 in savings. A loss of $250,000 or more can exhaust personal wealth and threaten a family-run operation that lacks large corporate support such as in-house legal, broad insurance coverage, or dedicated IT teams.
Survey respondents described specific attack methods targeting smaller firms. Reported threats include highly convincing phishing emails generated with artificial intelligence, deepfake voice calls that impersonate company executives, and supply-chain attacks that use small vendors as a route to larger customers. These tactics increase the difficulty for owners and staff to distinguish genuine business requests from fraudulent ones.
Eva Velasquez, chief executive of the Identity Theft Resource Center, highlighted the pricing changes and ongoing impacts in remarks accompanying the report. She warned that even businesses with strong protocols can be exploited because attackers only need one successful attempt while owners must prevent every attack.
The center’s data offers a snapshot of how breaches are translating into direct costs for small employers and their customers, and how rising incident frequency and severity are affecting operational budgets.
