A Silent Crisis: Data Breaches Are Bankrupting Small Businesses

A Silent Crisis: Data Breaches Are Bankrupting Small Businesses


X icon
Facebook icon
Link icon



In 2022, the United States witnessed a staggering 1,802 data breach cases, affecting more than 422 million individuals. Unfortunately, these breaches involve illegal access, copying, and theft of sensitive and confidential data. The consequences impact hardworking individuals, families, as well as large and small businesses.

Small Businesses: The Prime Targets

While we often hear about breaches on big companies, like the recent attack on MGM Resorts International, the reality is that small businesses are typically the prime targets for data breaches to occur. Small businesses lack the robust cybersecurity defenses and insurance coverage of larger corporations, and when they are hit, the impact can be devastating. On average, a single data breach costs small businesses $200,000, with 60 percent of affected businesses closing their doors within six months of a cyber attack.

Data Breaches Are Bankrupting Small Businesses | Cyber Security Strategies for Businesses

The Growing Threat in 2024

In 2024, we face an even greater threat. Over $5 trillion in damages is expected due to targeted cyberattacks, many of which are now fueled by artificial intelligence (A.I.). A.I. has reshaped how we interact with technology, allowing machines to learn and make decisions. Sadly, this same technology is now being used by cybercriminals to launch more sophisticated attacks.

A.I.: A Double-Edged Sword

A.I. has revolutionized how we interact with technology, allowing computers to mimic human intelligence, make decisions, and learn from data. It processes vast amounts of information, identifies patterns, and adapts to new situations, making it a powerful tool. Unfortunately, A.I. is also being weaponized by cybercriminals to accelerate the threat to our digital security.

The Impersonation and Phishing Wave

As we move deeper into A.I. technology, small businesses will face a wave of impersonation and phishing attacks driven by artificial intelligence. Hackers leverage A.I. to create convincing content that deceives business owners into disclosing sensitive information. That information is then used to hold businesses hostage, demanding hefty ransoms. The use of A.I. in phishing tactics has made cybercriminals more sophisticated and dangerous.

A.I. Automation in Cyberattacks

Hackers are increasingly utilizing A.I. to automate various attacks, including phishing, malware, and credential-stuffing attacks. Deep Learning, a subset of A.I., enables hackers to create “Deepfake” content, which impersonates voices and manipulates videos to deceive users. With these capabilities, attackers can evade security systems like voice recognition software.

The Deepfake Threat

These fake multimedia elements are increasingly used to divert and deceive, often with malicious intent. Cybersecurity experts warn of deepfake-like social engineering attacks to gain unauthorized access to sensitive data.

Government Response

The magnitude of the threat posed by A.I.-fueled cyberattacks has forced elected officials – including the White House – to seek solutions. Multiple executive orders underscore the national security threat posed by these attacks. The administration aims to shift the cybersecurity responsibility away from individuals and small businesses onto organizations better equipped to handle these risks.

Protecting Yourself and Your Business

While the rise of A.I.-enabled cyberattacks is alarming, there are steps we can take to protect ourselves and our businesses. Implementing 2-Step Verification, using antivirus software on all devices, verifying website URLs, and remaining vigilant against phishing scams are essential measures. Logging off when not in use and reviewing and adjusting privacy settings are also crucial in safeguarding your digital identity.

Know Your Rights

It is important that victims of cyberattacks are aware of their rights. Recent legislation, such as Illinois’ Biometric Information Privacy Protection Act (BIPPA), grants consumers the right to take legal action against entities responsible for data breaches. This local legislation has motivated many across various states to advocate for similar laws in their locality to protect their data and privacy.

The Time to Act

In 2024, A.I. will drive cyberattacks to unprecedented levels. Protecting yourself and your business is paramount. Stay informed, stay vigilant, and take action to defend your digital world. The time to act is now.

About the Author

Oscar A. De La Rosa

Oscar A. De La Rosa is the founder and lead attorney at De La Rosa Law, a mass tort and data breach litigation law firm headquartered in Miami. He wrote “Data Breaches Are Bankrupting Small Businesses” for