Back to Blog
Cybersecurity Phishing Business

Cyberattacks on the Rise: Is Your Business Next?

Cyberattacks on the Rise: Is Your Business Next?
March 10, 2026 | David Velarde Robles David Velarde Robles

Imagine this: You arrive at work one morning to find your computer locked, your customer files encrypted, and a message demanding thousands of euros to restore access. Your orders can’t be processed, your appointments are gone, and your reputation is on the line. This isn’t a distant threat—it’s happening to businesses right now, and the latest data shows the risk is growing faster than ever.

Nearly half of large companies were successfully attacked by cybercriminals in the past year. But here’s the worrying part: small businesses are often easier targets. Why? Because they usually have fewer defenses in place, making them low-hanging fruit for attackers. If you run a shop, a clinic, a restaurant, or even a one-person business, this isn’t just an IT problem—it’s a risk to your livelihood.

Let’s break down what’s happening, why it matters for your business, and what you can do about it.

The Numbers Are Alarming—and They’re Not Just About Big Companies

Recent research reveals a sharp rise in cyberattacks, with nearly 44% of large businesses experiencing a breach in the last year. But the impact goes far beyond the initial attack:

  • 61% of attacked businesses faced serious disruptions—like being locked out of their systems, losing access to customer data, or even shutting down operations temporarily.
  • 1 in 5 businesses faced extortion—meaning criminals demanded money to restore access to their own files or systems.
  • Global economic losses from cyberattacks now total $18 million per day. That’s not a typo—it’s the cost of stolen data, lost productivity, and recovery efforts across all businesses.

These numbers aren’t just statistics. They represent real businesses—like a bakery unable to process orders, a dental clinic locked out of patient records, or a webshop losing sales because its payment system is down.

And here’s the kicker: small businesses are often hit just as hard, if not harder. While large companies have teams and budgets to recover, a single attack can cripple a smaller business for days—or even force it to close permanently.

How Cybercriminals Are Getting Smarter (And Why Your Defenses Might Not Be Enough)

Cyberattacks aren’t what they used to be. Gone are the days of obvious scam emails with bad grammar and suspicious links. Today’s criminals are using artificial intelligence (AI) to make their attacks far more convincing. Here’s how:

1. AI-Powered Phishing: The Con Artist Who Knows Your Habits

Phishing is when criminals send fake emails, texts, or calls to trick you into revealing sensitive information—like passwords or payment details. In the past, these messages were easy to spot. Now? Over 80% of phishing emails contain AI-generated content, making them nearly indistinguishable from real messages.

  • Old phishing: “URGENT! Your bank account has been hacked. Click here to verify!” (Typos, generic greetings, obvious red flags.)
  • AI phishing: “Hi [Your Name], I noticed an unusual login to your [Bank Name] account from a device in Amsterdam. Can you confirm if this was you? Here’s the details: [Fake but realistic-looking login link].”

The result? AI-powered phishing has a 54% click-through rate—meaning more than half of people who receive these messages fall for them. For comparison, traditional phishing only fools about 12% of people.

Real-world example: A restaurant owner in Rotterdam received an email that looked like it was from their payment processor, asking them to “verify” a recent transaction. The email included the restaurant’s logo, the owner’s name, and even referenced a real recent order. The link led to a fake login page, and within minutes, the criminals had drained the restaurant’s account.

2. Voice and Video Scams: When Criminals Impersonate People You Trust

AI isn’t just making emails more convincing—it’s also being used to clone voices and even faces in real time. This means criminals can impersonate someone you know, like your boss, a supplier, or even a family member.

  • Voice cloning: A criminal records a short clip of someone’s voice (from a voicemail, social media, or even a Zoom call) and uses AI to generate a convincing fake. They might call your receptionist pretending to be the CEO and demand an urgent bank transfer.
  • Deepfake video: AI can create realistic videos of people saying things they never actually said. Imagine receiving a video call from your “accountant” asking you to approve a payment—only to realize later it was a scam.

Why this matters for your business: If you’ve ever used your voice, face, or personal details for security (like voice recognition for banking), you can’t “change” these like you would a password. Once criminals have them, they’re permanent keys to your accounts.

Why Small Businesses Are Prime Targets

You might be thinking: “I’m not a big corporation. Why would cybercriminals target me?” Here’s the hard truth:

  1. You’re an easier target. Large companies have IT teams, firewalls, and security protocols. Small businesses often don’t. Criminals know this, so they go after the low-hanging fruit.

  2. Your data is valuable. Even if you don’t think you have “sensitive” information, you likely store:

    • Customer names, emails, and payment details.
    • Employee records (like payroll or contracts).
    • Financial data (invoices, bank details, tax records).
    • Business plans, pricing strategies, or supplier contracts. All of this can be sold, used for fraud, or held for ransom.

  3. You’re part of a bigger supply chain. Criminals often target small businesses to get access to larger companies. For example, if you’re a supplier for a big retailer, hacking your systems could give criminals a backdoor into the retailer’s network.

  4. The cost of an attack is devastating.

    • Financial loss: The average cost of a data breach for a small business is €25,000–€50,000. For many, that’s enough to force closure.
    • Reputation damage: If customers find out their data was stolen, they may take their business elsewhere.
    • Legal penalties: Under GDPR, businesses can be fined up to €20 million or 4% of global revenue (whichever is higher) for failing to protect customer data.

What You Can Do to Protect Your Business

You don’t need to be a tech expert to reduce your risk. Here are practical steps any business owner can take:

1. Train Your Team (And Yourself) to Spot Scams

  • Never trust unexpected requests for money or data. If an email, call, or message feels “off,” it probably is. Example: If your “supplier” suddenly asks you to pay an invoice to a new bank account, call them to confirm—using a number you already have, not one from the suspicious message.
  • Look for red flags in emails:
    • Urgent or threatening language (“Your account will be closed in 24 hours!”).
    • Generic greetings (“Dear User” instead of your name).
    • Suspicious links (hover over them to see the real URL).
    • Requests for sensitive information (passwords, bank details, etc.).
  • Verify identities. If someone calls or emails claiming to be from your bank, a supplier, or even a colleague, hang up and call them back using a number you trust.

2. Use Strong, Unique Passwords (And a Password Manager)

  • Weak passwords are the #1 way criminals break in. Avoid using “password123,” your pet’s name, or your birthday.
  • Use a password manager (like Bitwarden or 1Password) to generate and store strong passwords. This way, you only need to remember one master password.
  • Enable two-factor authentication (2FA) everywhere. This adds an extra layer of security, like a code sent to your phone, so even if criminals get your password, they can’t log in.

3. Back Up Your Data Regularly

  • Ransomware attacks (where criminals lock your files and demand money) are on the rise. If you have a recent backup, you can restore your data without paying the ransom.
  • Use the 3-2-1 rule:
    • 3 copies of your data (the original + 2 backups).
    • 2 different types of storage (e.g., an external hard drive + cloud storage).
    • 1 backup offsite (in case of fire, theft, or physical damage).
  • Test your backups. Make sure you can actually restore your data if needed.

4. Keep Your Software Up to Date

  • Outdated software is a common entry point for criminals. Enable automatic updates for your operating system, apps, and antivirus software.
  • Don’t ignore update notifications. They often contain critical security fixes.

5. Limit Access to Sensitive Data

  • Not everyone in your business needs access to everything. For example:
    • Your receptionist probably doesn’t need access to payroll data.
    • Your delivery driver doesn’t need customer credit card details.
  • Use role-based access. Only give employees access to the data and systems they need to do their jobs.

6. Have a Plan for When (Not If) an Attack Happens

  • Know who to call. Have a list of contacts, like your IT provider, bank, and insurance company, in case of an attack.
  • Don’t pay ransoms. Paying doesn’t guarantee you’ll get your data back, and it funds criminal activity. Instead, focus on restoring from backups.
  • Report the attack. In the Netherlands, you can report cybercrime to Politie Cybercrime. This helps authorities track trends and may assist in recovering your data.

FAQ: Questions Business Owners Are Asking

Q: “I’m a small business—do I really need to worry about this?”

A: Yes. Cybercriminals often target small businesses because they assume they won’t have strong security. In fact, 43% of cyberattacks target small businesses, and 60% of small businesses that suffer an attack go out of business within six months. The good news? Simple steps (like training your team and backing up data) can dramatically reduce your risk.

Q: “What’s the most common way businesses get hacked?”

A: Phishing emails are the #1 cause of data breaches. Criminals send fake emails that look real—like an invoice from a supplier or a request from your “boss”—to trick employees into clicking a link or sharing sensitive information. The second most common way? Weak or reused passwords.

Q: “How much should I spend on cybersecurity?”

A: You don’t need a huge budget to be secure. Start with the basics:

  • Free or low-cost: Employee training, strong passwords, two-factor authentication, and regular backups.
  • Moderate investment: A password manager (€2–€5/month per user), antivirus software (€30–€100/year), and a cloud backup service (€5–€20/month).
  • For higher-risk businesses: Consider hiring an IT security consultant to assess your risks (often €100–€200/hour).

IT Move NL

Whether you run a webshop, a clinic, or a logistics company, cybersecurity isn’t just an IT issue—it’s a business issue. The good news? You don’t have to figure it out alone. We help businesses of all sizes build simple, effective defenses that actually work. Let’s talk about what makes sense for your business—no jargon, no pressure.

Sources:

David Velarde Robles
David Velarde Robles

He/Him · AWS Certified Solutions Architect | Cloud Engineer @ Essent

Cloud Engineer at Essent B.V. with 10+ years of experience in the tech industry. AWS Certified, passionate about serverless architectures, Infrastructure as Code, and DevOps. Proficient in TypeScript, Python, and Terraform. Based in Amersfoort, Netherlands.

>

STAY IN THE LOOP

// Cloud, AI & DevOps insights — straight to your inbox.

>

No spam. Unsubscribe anytime.
Share this article:
Previous article Cloud Outages: Is Your Business at Risk? Next article Why Xbox’s New Console Matters for Your Business

// Related articles

2FA for Small Businesses: Simple Security That Works

2FA for Small Businesses: Simple Security That Works

March 19, 2026

Is Your Business a Hacker's Easy Target?

Is Your Business a Hacker's Easy Target?

March 18, 2026

AI Outages Costing You? How to Protect Your Business

AI Outages Costing You? How to Protect Your Business

March 18, 2026

Need help with your cloud infrastructure?

Our team of experts is ready to help you navigate the complexities of modern cloud architecture.

Get in Touch