It’s become clear that no company, regardless of its size or industry, is truly immune to the threat of cyber-attacks. Whether it’s a small local startup or a large multinational corporation, the digital landscape has made businesses increasingly vulnerable to security breaches.
As a matter of fact, a recent survey conducted by the Identity Theft Resource Center (ITRC) revealed a concerning trend: nearly 38% of companies that fell victim to cyber-attacks decided to pass the financial burden onto their customers by introducing what is now being referred to as a “Cyber Tax.”
According to the 2025 Business Impact Report compiled by the ITRC, the survey captured responses from over 662 small and medium-sized businesses (SMBs), most of which employed 500 or fewer people. The findings were troubling: in the aftermath of data breaches and digital attacks, many of these companies resorted to raising the prices of their products and services in an effort to recoup some of their losses. This shift has effectively created a hidden “Cyber Tax,” passed on to consumers who are now bearing the financial repercussions of these attacks.
A Hidden Cost to the U.S. Economy: Cyber Tax and Inflation
This so-called “Cyber Tax” is becoming a shadowy burden on the U.S. economy. When businesses raise their prices to offset the costs of cyber-attacks, they are, in effect, contributing to rising inflation. While this might seem like a quick fix for companies facing financial strain, the broader economic effects can be severe. For small and medium businesses, already operating with tight margins, the additional financial strain can make it harder to stay afloat. In the worst-case scenario, it could lead to layoffs, business closures, or a significant reduction in operational capacity.
For SMBs, which are crucial to the U.S. economy and provide millions of jobs, the consequences of cyber-attacks are far-reaching. The ITRC highlights that when cyber-attacks result in price increases for consumers, it often leads to a ripple effect in the economy, with increased costs of living and a decreased purchasing power for everyday Americans. This, in turn, contributes to an inflationary spiral that disproportionately impacts smaller businesses, who may already be struggling with the financial burden of cybersecurity defenses and insurance premiums.
The Role of Advanced AI in Cyber-Attacks: A New Age of Threats
One of the most concerning trends emerging from the report is the growing sophistication of cyber-attacks, particularly those involving Artificial Intelligence (AI). A significant 41% of SMBs that suffered a cyber breach indicated that they were specifically targeted by AI-powered attacks. This is a stark reminder that the landscape of cybersecurity is evolving rapidly, with cybercriminals leveraging increasingly advanced technologies to exploit vulnerabilities.
AI is being used in various malicious ways. For instance, phishing emails are now often generated by AI, making them harder to distinguish from legitimate communications. Similarly, deepfake technology—which can create convincingly fake audio and video recordings—has been used to manipulate individuals or organizations into divulging sensitive information. AI has also been deployed to generate new forms of malware, making it more difficult for traditional security systems to detect and block these evolving threats.
Moreover, many of the SMBs surveyed reported that traditional threats, such as insider attacks or sophisticated threat actors, were also significant contributors to their cyber vulnerability. These attacks, often carried out by well-funded and organized groups, can bypass many security measures, causing widespread damage to companies’ IT infrastructures and their reputations.
A Wake-Up Call: Only 38% of SMBs Are Fully Prepared for Cyber Threats
Despite the growing threat of cyber-attacks, the survey found that only 38% of SMBs feel fully prepared to handle such incidents. This highlights a major gap in cybersecurity readiness. While larger companies often have dedicated cybersecurity teams and resources, many SMBs are ill-equipped to handle the complexities of modern cyber threats. The report indicates that a large proportion of businesses are either underprepared or have a disjointed approach to cybersecurity, focusing their attention elsewhere or failing to allocate sufficient resources to protecting their digital infrastructure.
This lack of preparedness is particularly troubling given the growing sophistication of cyber-attacks, which often go unnoticed until significant damage has been done. The ITRC emphasizes the need for businesses, especially SMBs, to invest in cybersecurity awareness, employee training, and advanced protective measures such as AI-driven threat detection and incident response protocols.
Conclusion: The Path Forward for SMBs
As we continue to witness an increase in cyber threats, the consequences of insufficient preparedness are becoming more apparent. Small and medium-sized businesses, which are crucial drivers of the U.S. economy, face an uphill battle in protecting themselves from sophisticated cyber-attacks. Many of these businesses are being forced to pass on the costs of breaches to their customers, contributing to a growing “Cyber Tax” that risks exacerbating inflation and putting additional strain on an already fragile economy.
To avoid these pitfalls, SMBs must prioritize cybersecurity as a fundamental part of their business strategy. This involves not just investing in technology but also fostering a culture of security awareness across all levels of the organization. Without such a commitment, the risks associated with cyber-attacks will continue to pose a significant challenge, not just for businesses, but for the economy as a whole.
Join our LinkedIn group Information Security Community!
