First Midwest BankFirst Midwest Bank logoArrow DownIcon of an arrow pointing downwardsArrow LeftIcon of an arrow pointing to the leftArrow RightIcon of an arrow pointing to the rightArrow UpIcon of an arrow pointing upwardsBank IconIcon of a bank buildingCheck IconIcon of a bank checkCheckmark IconIcon of a checkmarkCredit-Card IconIcon of a credit-cardFunds IconIcon of hands holding a bag of moneyAlert IconIcon of an exclaimation markIdea IconIcon of a bright light bulbKey IconIcon of a keyLock IconIcon of a padlockMail IconIcon of an envelopeMobile Banking IconIcon of a mobile phone with a dollar sign in a speech bubbleMoney in Home IconIcon of a dollar sign inside of a housePhone IconIcon of a phone handsetPlanning IconIcon of a compassReload IconIcon of two arrows pointing head to tail in a circleSearch IconIcon of a magnifying glassFacebook IconIcon of the Facebook logoLinkedIn IconIcon of the LinkedIn LogoXX Symbol, typically used to close a menu
FDIC-Insured - Backed by the full faith and credit of the U.S. Government

Suggested Search Terms

    Suggested Search Terms

      Small Business Hacked: Cybersecurity Team Fights Malware Ransomware
      Get Insights

      Get monthly ideas delivered right to your inbox.

      Subscribe for Insights

      For Your Small Business Bruce Crumley March 11, 2026

      The $131 Billion Cybercrime Problem That’s Draining Small Businesses

      Key Summary

      • New research reveals that cybercrime has become a pervasive "hidden tax" on the U.S. economy, with nearly three-quarters of small businesses reporting victimization by fraud or ransomware attacks last year.
      • Beyond the immediate financial loss—which can exceed $90,000 per incident—these digital attacks severely hinder long-term prosperity by stifling company growth, complicating customer retention, and impeding product innovation.
      • While many entrepreneurs view the rise of AI-driven threats with growing alarm, experts emphasize that adopting proven security measures like multifactor authentication and cyber insurance, combined with increased policy support, is essential to curbing these systemic risks.

      New survey data shows nearly two-thirds of small companies were victims to online criminals last year.

      When a major healthcare company, financial institution, retailer, or social media platform falls prey to cybercrime, it generates headlines for days on end. By contrast, small businesses targeted by digital thieves mostly suffer in anonymity, despite a whopping two-thirds of U.S. entrepreneurs reporting they’ve been victims of online fraud.

      Widespread assumptions that cybercriminals only bother targeting the huge data reserves and deep finances of big companies were quantitatively debunked in new research released Feb. 24 by the independent research and education organization, Public Private Strategies Institute (PPSI). Its survey, conducted by Morning Consult, polled 506 U.S. small business owners about cybercrime. It found a stunning 72% said they “were hit by fraud, scams, or ransomware last year” alone. The estimated cost of those online attacks amounted to a staggering $131 billion.

      The frequency, regularity, and scope of those cybercrimes now amount to what PPSI termed a “hidden tax” on small company victims. In addition to the initial funds that are stolen, diverted, or scammed, PPSI said the attacks also result in “draining revenue, slowing growth, and forcing entrepreneurs to divert time and resources away from serving customers and expanding their businesses.”

      The survey results also showed becoming a target of cybercrime is now the rule rather than the exception among smaller employers, and an increasingly serious drain on those companies.

      “When nearly three in four small businesses experience fraud or ransomware in a single year, this is no longer an isolated risk … (it) has become a routine cost of doing business,” said Tammy Halevy, executive director of PPSI’s Reimagine Main Street advocacy project. “At that scale, fraud functions like a hidden tax on entrepreneurship. That’s money that should be going toward hiring, innovation, and growth, not to criminals.”

      Just as bad, 71%of respondents said they believe the spread of artificial intelligence tools will cause fraud and ransomware attacks to become more common in coming months and years. Nearly 30% of participants also expect attempted online crime to become considerably more frequent.

      About 63% of entrepreneurs said they already consider current rates, costs, and consequences of those strikes “a serious problem.”

      According to survey replies, the initial financial loss from online theft averages about $60,000 for payment fraud, and more than $90,000 for compromised email systems. Attacks can run the range from criminals hacking into business networks, phishing scams or adding rigged links in emails, and impersonating employees, customers, or partners in order to gain access to sensitive data or funds.

      But the damage from those attacks to victimized businesses continues and grows even after the initial theft of company money, or ransom payments to regain control of hacked systems. Nearly 44% of participants said fallout from online crime creates trouble in accepting future payments. Around 40% of respondents also said strikes make it both more difficult to keep customers, and to develop new products.

      However, one set of survey findings may offer small business owners clues on how to improve their defenses against online thieves. The key is identifying methods that work — then using them.

      For example, just 48% of survey participants reported using multifactor authentication. Yet 70% of entrepreneurs who said they do use that security method considered it “very effective” in preventing fraud.

      “Similarly, only 24% carry cyber insurance, even though 61% of policyholders say it is very effective,” a report on the survey results said. “And while just 31% conduct regular security audits, 58% of those who do say they are very effective … Among businesses that experienced fraud, 77% say they reported it. Of those who reported, 54% say the matter was fully resolved and another 33% say it was partially resolved.”

      Still, PSSI president Rhett Buttle said the scope, rising frequency, and staggering costs of online crime to small businesses is an indicator that entrepreneurs, their cybersecurity service providers, and financial institution partners cannot defend themselves against digital crooks on their own.

      “This survey makes one thing clear: Small businesses are doing their part, but they cannot fight this battle alone,” said Buttle, describing the stakes involved as a national problem that legislators must take on. “Reducing this hidden tax on entrepreneurship will require stronger coordination between the private sector and policymakers. When small businesses are protected, they can focus on what they do best — creating jobs, serving customers, and driving growth.”

      Learn more about how Old National protects your business.

      This article was written by Bruce Crumley from Inc. and was legally licensed through the DiveMarketplace by Industry Dive. Please direct all licensing questions to legal@industrydive.com.

      Subscribe for Insights

      Subscribe