There’s a common saying in the cybersecurity world: “It’s not a matter of if you’ll be attacked, but when”. For SMBs, this is a concrete reality: one that shows up every day with new threats, new techniques, and unfortunately, increasingly serious consequences.
And yet, despite this growing exposure, many SMBs still believe they are “too small to interest hackers.” That’s a common, and often fatal, mistake.
When the damage is already done
In June 2024, Evolve Bank & Trust, a U.S.-based company with strong ties to fintech platforms such as Stripe and Mercury, was hit by a ransomware attack carried out by the LockBit group. The impact was immediate: sensitive data stolen, systems shut down, public concern mounting.
Yes, the company reacted—but time was against them. The breach revealed a crucial fact: despite advanced infrastructure, Evolve Bank did not have a Cyber Incident Response Plan (CIRP) ready for immediate activation.
The result? Reputational damage, operational delays, and weeks of forensic investigations.
A solid CIRP could have made the difference: quickly isolating compromised systems, notifying customers in a structured way, and coordinating the response with suppliers and authorities. In such critical scenarios, every minute counts.
Companies that activate a response plan within 72 hours of detecting an attack reduce the total cost of the breach by 61%.
The price of unpreparedness
Genetic testing company 23andMe also experienced a major attack in 2023, when compromised credentials led to unauthorized access to millions of user profiles. Initially, it seemed like a contained incident. But as weeks passed, it was revealed that over 5.5 million genetic profiles were exposed—including highly sensitive data.
The slow public communication and lack of proactive measures sparked widespread criticism. The issue wasn’t just the technical vulnerability—it was the absence of a well-structured crisis response plan. There were no clear guidelines on who should communicate, how to notify customers, or what countermeasures to deploy.
A well-designed response plan could have included:
- Conditional access for users via Multi-Factor Authentication (MFA)
- Temporary blocks on suspicious activity
- Transparent, timely communication with customers
- Rapid engagement of legal and PR teams
Organizations that proactively test incident response plans see faster and more reliable recovery in real events.
And these are not isolated cases; let’s look at the data:
- 82% of ransomware attacks targeting “soft targets” affected companies with fewer than 1,000 employees
- The average cost of a breach for an SMB in 2025 ranges between $120,000 and $1.24 million
- In 2024, average losses grew to $1.6 million, marking a significant increase compared to the previous year
A cross-sector risk
These episodes don’t just concern banks or big tech companies. The truth is that all businesses, from construction firms to hospitality providers, logistics operators to family offices, handle data and systems that are vulnerable to attacks.
And every hour of operational downtime translates into delays, costs, and lost trust.
According to a study by Cybersecurity Ventures, 60% of small businesses that suffer a cyberattack go out of business within six months.
Not because of the attack itself, but because of the inability to manage the aftermath.
Why you need a Cyber Incident Response Plan
A well-structured CIRP enables you to react promptly, reducing costs, operational damage, and reputational loss.
Gartner reports that companies with an active response plan reduce breach-related costs by 50%, and McKinsey confirms that testing your plan at least once a year makes your organization 35% more effective in managing crises.
Essential elements of the plan:
- Defined roles and responsibilities – Everyone knows exactly what to do during an emergency
- Fast containment and isolation – Stop the threat before it spreads
- Transparent communication – Timely information to internal teams, customers, and partners
- Restoration via secure backups – Minimize downtime
- Regular testing and updates – An effective plan must evolve
We help you prepare, respond better, and bounce back stronger
In a world where cyber threats are constant and unpredictable, having the right partner by your side truly makes the difference.
We specialize in supporting SMBs like yours with solid IT strategies, a personalized approach, and 24/7 support.
We help protect your business with:
- IT Consulting & Strategy: We work with you to build an effective, customized IT plan focused on resilience
- Managed IT Services: Constant monitoring, rapid interventions, and complete system management
- Cloud Solutions: Scalable, secure platforms to simplify daily operations
- Cybersecurity: Proactive protection, automated backups, access control, and intelligent firewalls
Don’t wait for it to happen: implement your incident response plan today with a trusted partner.
Speak with an expert and discover how to make your business safer, more agile, and ready for whatever digital challenges come next.