{"id":20087,"date":"2026-06-16T19:04:51","date_gmt":"2026-06-16T16:04:51","guid":{"rendered":"https:\/\/lamdabroking.com\/?p=20087"},"modified":"2026-06-23T18:07:41","modified_gmt":"2026-06-23T15:07:41","slug":"why-small-and-mid-sized-businesses-are-cyber-targets","status":"publish","type":"post","link":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/","title":{"rendered":"Why SMBs Are Targeted More Often in Cyber Attacks"},"content":{"rendered":"<p dir=\"ltr\"><span style=\"font-weight: 400;\">The right professional starting point is this: cyberattacks against SMEs are not merely a smaller version of enterprise cyber risk. They are a distinct material business risk. A small business now operates within deep digital dependency &#8211; email, payment rails, ERP, CRM, cloud providers, outsourced IT, SaaS platforms, logistics partners, and key customers. The relevant question is no longer whether the business holds valuable data, but whether an attacker can disrupt operations, steal money, encrypt information, exploit trust with customers, or use the firm as a stepping stone into someone else&#8217;s environment.<\/span><\/p>\n<h2 dir=\"ltr\"><span style=\"font-weight: 400;\">Cyber Attackers Look for Weakness, Not Scale<\/span><\/h2>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">The economics of cybercrime have changed. When scanning the internet, gathering domain intelligence, identifying exposed VPN or RDP services, or checking whether MFA is disabled can all be done at scale, target selection becomes cheap. Once an organization is exposed, its size becomes secondary.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">That is why the question &#8216;Why would anyone bother attacking us?&#8217; misses how attackers actually operate. They do not choose small businesses for prestige. They choose them because access may be cheaper, identity controls weaker, payment governance looser, and detection slower. Phishing remains a primary initial intrusion vector, and unpatched vulnerabilities, poor credential hygiene, and weak configurations are routinely exploited.<\/span><\/p>\n<h2 dir=\"ltr\"><span style=\"font-weight: 400;\">Small Businesses as Low-Hanging Fruit<\/span><\/h2>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Why an SME Attack Surface Looks Attractive<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">A small or mid-sized business becomes low-hanging fruit not because it is unimportant, but because it holds everything an attacker needs to monetize an incident: mailboxes, files, banking access, payment systems, customer records, cloud permissions, and trusted supplier-customer relationships.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Research and surveys consistently show that fewer than half of small businesses have a business continuity plan covering cyber, and only about a quarter have a formal incident response plan. In Israel, research has found that less than half of businesses use cyber defenses at all, and only one in ten conducts employee security training.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">When There Is No Dedicated Security Function, Gaps Remain Open<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Large organizations usually separate IT, security, legal, finance, procurement, and compliance. In many SMEs, the same office manager, finance lead, or outsourced provider handles email administration, permissions, vendor banking details, and backups. That is not always poor management \u2014 often it is simply a resource constraint. But to a threat actor, resource constraints are opportunity.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">That is why cyber insurance for SMEs should not start with premium size. It should start with maturity: who manages permissions, who approves payments, who tests recovery, and who makes decisions when a cyber incident hits.<\/span><\/p>\n<h2 dir=\"ltr\"><span style=\"font-weight: 400;\">Human Error, Phishing, and Payment Fraud<\/span><\/h2>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Human Error Is Still a Central Loss Driver<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Even when the risk looks technical, the initial path is often human: a clicked link, credentials entered into a spoofed page, a malicious attachment opened, or trust placed in a normal-looking message. Phishing still serves as a primary initial intrusion method for credential theft, session hijacking, and payload deployment.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Human error is not merely user carelessness. It is the operational intersection between human behavior, business process, and attacker tradecraft. Once a threat actor knows who the main vendor is, who approves wires, and when invoices are typically sent, a sophisticated firewall matters less than a convincing message. That is why Business Email Compromise is not just an email problem. It is a governance, treasury, accounting, and cyber risk management problem.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Weak Passwords, Missing MFA, and Weak Payment Controls<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Many SMEs are exposed because of a dangerous mix: recycled passwords, no MFA, no segregation between payment initiation and approval, and no out-of-band verification when bank details change.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">FBI data illustrates the severity: in 2025, BEC complaints totaled tens of thousands with losses exceeding $3 billion. Insurance market data confirms that BEC and funds transfer fraud (FTF) account for a large share of all cyber insurance claims, and the majority of FTF claims are driven directly by social engineering. This is exactly where cybercrime coverage and operational controls must work together, not separately.<\/span><\/p>\n<h2 dir=\"ltr\"><span style=\"font-weight: 400;\">Supply Chain Risk and Indirect Exposure<\/span><\/h2>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">How an SME Becomes an Entry Point Into a Larger Organization<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">A small business is not only a final target. It can also be an intermediate target. Many SMEs have remote support access, API connections, customer portals, shared ticketing systems, cloud permissions, payroll integrations, or customer data access. Industry research shows that third-party involvement in breaches has been rising sharply, reflecting the active use of indirect paths through providers and dependencies.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">That means the right question is not &#8216;Are we too small to matter?&#8217; but &#8216;Who are we connected to?&#8217; If the business provides software, IT, payroll, accounting, customer support, cloud operations, payment services, marketing services, or database access, it may function as a weak link in someone else&#8217;s ecosystem.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">The Collateral Damage of Cloud, MSP, SaaS, and Payment Provider Incidents<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Even when an SME is not used as a bridge into a larger target, it can still suffer major collateral damage from a third-party event. An incident affecting a cloud provider, MSP, SaaS platform, card processor, or key customer can trigger a system outage, revenue disruption, delayed collections, and severe operational interruption.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Global incidents in recent years have demonstrated how dependence on a shared platform can create broad economic impact even without a direct breach of the affected organization. For SMEs, the lesson is straightforward: the problem may not be your system. It may be your dependency. That is the essence of digital dependency, and it is why direct and dependent business interruption deserve careful review at placement.<\/span><\/p>\n<h2 dir=\"ltr\"><span style=\"font-weight: 400;\">Which Cyber Events Hit SMEs in Practice<\/span><\/h2>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Ransomware<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Ransomware remains one of the most disruptive and costly forms of cyber incident. Law enforcement data shows thousands of complaints per year, while researchers consistently note that official loss figures understate true economic damage because they exclude lost business, wages, time, files, and third-party remediation costs. Initial ransom demands have risen sharply in recent years, and most ransomware events now involve both encryption and data exfiltration.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Funds Transfer Fraud and Business Email Compromise<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">In many cases, the business is not hacked in the dramatic sense. One spoofed email, one compromised mailbox, or one fake vendor payment update is enough to divert funds. That is the classic profile of funds transfer fraud, invoice manipulation, or BEC.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Data Breach and System Outage<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Not every cyber event is a ransom demand. Some are quiet data breaches, unauthorized access, or a system failure that makes operations unavailable. When core business systems such as email, CRM, payments, ordering, or employee access fail, the damage is not merely technical &#8211; it is commercial, contractual, and reputational.<\/span><\/p>\n<h2 dir=\"ltr\"><span style=\"font-weight: 400;\">What a Quality Cyber Insurance Policy Can Do<\/span><\/h2>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Incident Response<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">A strong cyber insurance policy is not merely an indemnity product. In well-structured placements it is also an operational response mechanism. Incident response support can include legal advice on notification duties, forensic investigation, breach notification assistance, and call center services. This matters especially for SMEs, which rarely have an internal team capable of activating legal counsel, forensics, and crisis coordination in the first hours of an incident.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Cybercrime, Business Interruption, and Data Restoration<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Quality coverage is measured by how comprehensively the policy addresses actual loss. A comprehensive cyber policy can cover &#8211; subject to wording and conditions &#8211; lost income, customer notification, data recovery, regulatory defense, crisis management, business interruption, cyber extortion, and separate insuring agreements for computer fraud, funds transfer fraud, social engineering fraud, and dependent business interruption.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">A core caution is essential: not every cyber policy covers everything, and not every coverage is included by default. Policy language varies by insurer, social engineering cover may be available only by endorsement, and triggers, sublimits, exclusions, and event definitions differ materially between policies. The real discussion in SME cyber insurance is therefore about wording, not just label.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Crisis Management and Prevention Services<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">One of the most important market shifts has been the move from purely post-loss response to wider cyber resilience support. Many insurers now provide or connect policyholders with pre-breach tools, ongoing monitoring, security awareness resources, and risk management guidance. For technology companies, there is often an additional need to coordinate cyber liability with technology errors and omissions, because the loss may involve both a security failure and a professional service failure.<\/span><\/p>\n<h2 dir=\"ltr\"><span style=\"font-weight: 400;\">Management, Regulatory, and Contractual Responsibility<\/span><\/h2>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Israeli Privacy and Security Obligations<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">From a legal perspective, a cyber incident at an SME is not merely an IT issue. In Israel, the Privacy Protection Regulations require a governance framework that can include an updated data-definition document, a security procedure, ongoing oversight, and in some organizations the appointment of an information security officer. The Privacy Protection Authority has clarified that information transmitted over the internet must use accepted encryption methods and that remote access must rely on proper identification and authentication.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Immediate reporting can also become mandatory. A severe security incident in a medium- or high-security database may require notification to the Authority, and encryption of data or denial of access may count as an integrity impact &#8211; meaning ransomware can be both an operational event and a regulatory one. Amendment 13 to the Privacy Protection Law, effective from August 2025, expanded enforcement tools, introduced privacy officer obligations for certain organizations, created notification duties for large and sensitive databases, and added significant administrative sanctions.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Reporting, Vendor Contracts, and International Exposure<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Responsibility does not disappear just because a third party is involved. Israeli regulation treats access granted to an external party as a special risk that requires risk review, an appropriate contract, confidentiality obligations, incident reporting duties, and ongoing oversight. Even when a business relies on an MSP, cloud provider, payroll processor, or SaaS vendor, the database owner retains material governance duties.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">If the business processes data relating to people in the EU, GDPR may also apply: reporting, where required, must occur without undue delay and within 72 hours; a business acting as a data processor must notify the controller promptly. In high-risk cases, affected individuals may also need to be informed. This is general information only and is not a substitute for specific legal advice.<\/span><\/p>\n<h2 dir=\"ltr\"><span style=\"font-weight: 400;\">Common Mistakes Made by Business Owners<\/span><\/h2>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">We Are Too Small to Attract Attackers<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">That is the classic mistake. Exposure comes from weakness, not prestige. An SME may be a direct target, or it may be a supply chain stepping stone. Either way, it is absolutely visible to attackers.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">We Have an IT Provider, So the Responsibility Is Theirs<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Legally and regulatorily, outsourcing does not eliminate oversight duties. Operationally, a good IT provider reduces risk but does not replace governance, payment controls, access discipline, or executive decision-making. From an insurance perspective, even if the vendor caused the incident, your business may still face interruption loss, contractual exposure, legal fees, and immediate response costs.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Backups or Antivirus Are Enough<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">They are necessary but not sufficient. An untested backup, unenforced MFA, and unmapped supplier dependency do not amount to mature cyber resilience.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">If We Buy a Policy, We Are Covered<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">A policy is a funding, expertise, and response layer &#8211; not a substitute for management. Cover varies by wording, triggers, sublimits, preconditions, and endorsements. An SME that buys cyber insurance without basic controls may discover during a claim that the problem was not only imperfect coverage, but weak preparedness.<\/span><\/p>\n<h2 dir=\"ltr\"><span style=\"font-weight: 400;\">What a Professional Broker Should Ask an SME Before Placement<\/span><\/h2>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">A professional cyber insurance broker should ask far more than &#8216;How many employees do you have?&#8217; The real questions are business-risk questions:<\/span><\/p>\n<ul dir=\"ltr\">\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">What categories of data does the business collect, process, store, or transfer &#8211; personal data, financial data, medical data, card data, code, or customer-end data?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Is MFA enforced for email, privileged access, remote access, and critical systems?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Are backups isolated, are restorations tested, and what is the realistic recovery time objective?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Is there segregation between payment initiation, approval, and bank-detail changes, and are changes verified out of band?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Who are the critical third parties &#8211; cloud, MSP, SaaS, payments, development, marketing &#8211; and what happens if one goes down?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Are there vendor-control procedures, contractual duties, incident-notification provisions, and proof that critical providers meet required security standards?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Is there an incident response plan, tabletop practice, a legal contact, and a technical escalation path?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Does the business need only cyber liability, or also cybercrime, social engineering, funds transfer fraud, dependent business interruption, or technology E&amp;O?<\/span><\/li>\n<\/ul>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Conclusion &#8211; Small and mid-sized businesses are targeted more than large enterprises not because they are worth more, but because they are often easier to access, more operationally dependent, less tightly governed, and deeply interconnected with third parties. Attackers look for weakness, low-hanging fruit, and rapid return on effort. Many SMEs present all three.<\/span><\/p>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">The professional answer is not &#8216;buy a policy and relax,&#8217; nor is it &#8216;add another security tool and assume the problem is solved.&#8217; The right answer is mature cyber risk management: governance, access control, MFA, tested backups, payment verification, supplier mapping, incident response, legal and regulatory readiness &#8211; and alongside all of that, a cyber insurance program that genuinely reflects the business&#8217;s actual exposure. A quality policy can be a critical component of cyber resilience, but it is one layer inside a wider system of risk management, not a replacement for preparedness.<\/span><\/p>\n<h2 dir=\"ltr\"><span style=\"font-weight: 400;\">Frequently Asked Questions<\/span><\/h2>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Is a Small Business Really a Cyber Target?<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Yes. SMEs are targeted because they are accessible, not because they are famous.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Why Would Attackers Choose a Small Business Over a Large Enterprise?<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Because access may be cheaper: fewer controls, fewer internal specialists, weaker separation of duties, and often slower incident response. That makes the target economically efficient for attackers.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Are Antivirus and Backups Enough?<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">No. They are important components, but they do not replace MFA, access governance, patching, monitoring, payment controls, incident response, and supplier oversight.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Is MFA Really One of the Most Important Controls?<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Yes. MFA is one of the most effective defensive controls against credential theft, BEC, and unauthorized access.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">If a Cloud or IT Provider Fails, Do They Carry All the Responsibility?<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">Not necessarily. Legally and regulatorily, the customer still retains oversight duties. Operationally, a third-party failure can still create your interruption loss, contractual exposure, and response costs.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">Does Every Cyber Policy Cover BEC, Ransomware, and Vendor Outages?<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">No. Coverage varies by wording, endorsements, definitions, and sublimits. Social engineering, funds transfer fraud, and dependent business interruption often require especially careful review.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">When Can Reporting Obligations Arise?<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">In Israel, a severe security incident involving certain databases may require immediate notification to the Privacy Protection Authority. Under GDPR, some incidents may require notification to a supervisory authority within 72 hours and, in high-risk cases, notice to affected individuals.<\/span><\/p>\n<h3 dir=\"ltr\"><span style=\"font-weight: 400;\">What Should an SME Prepare Before Buying Cyber Insurance?<\/span><\/h3>\n<p dir=\"ltr\"><span style=\"font-weight: 400;\">It should map sensitive data, enforce MFA, test backups and recovery, tighten payment controls, identify critical vendors, prepare an incident response plan, and determine whether it needs cyber liability only or also cybercrime, ransomware cover, social engineering, dependent business interruption, or technology E&amp;O.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the most dangerous assumptions in cyber risk is that a small or mid-sized business is somehow below the radar. In reality, most threat actors are not looking for the biggest logo in the market. They are looking for the cheapest path in, the most convenient attack surface, and the target most likely to pay quickly or recover slowly.<\/p>\n","protected":false},"author":9,"featured_media":20000,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[38],"tags":[],"class_list":["post-20087","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-articles"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.5 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Why SMBs Are Targeted More Often in Cyber Attacks<\/title>\n<meta name=\"description\" content=\"A professional deep-dive into SME cyber risk, human error, supply chain exposure, legal duties, and cyber insurance strategy.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Why SMBs Are Targeted More Often in Cyber Attacks\" \/>\n<meta property=\"og:description\" content=\"A professional deep-dive into SME cyber risk, human error, supply chain exposure, legal duties, and cyber insurance strategy.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/\" \/>\n<meta property=\"og:site_name\" content=\"Lamda - High Tech Insurance\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/lamda.ins\" \/>\n<meta property=\"article:published_time\" content=\"2026-06-16T16:04:51+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-23T15:07:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/lamdabroking.com\/wp-content\/uploads\/2026\/06\/Small-and-medium-sized-businesses-are-under-cyber-attack.jpeg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Oded Oded\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Oded Oded\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/\"},\"author\":{\"name\":\"Oded Oded\",\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/#\\\/schema\\\/person\\\/a5b8f4894f9fd6a7a2f3742ba5688174\"},\"headline\":\"Why SMBs Are Targeted More Often in Cyber Attacks\",\"datePublished\":\"2026-06-16T16:04:51+00:00\",\"dateModified\":\"2026-06-23T15:07:41+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/\"},\"wordCount\":2465,\"image\":{\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/lamdabroking.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Small-and-medium-sized-businesses-are-under-cyber-attack.jpeg\",\"articleSection\":[\"Articles\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/\",\"url\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/\",\"name\":\"Why SMBs Are Targeted More Often in Cyber Attacks\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/lamdabroking.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Small-and-medium-sized-businesses-are-under-cyber-attack.jpeg\",\"datePublished\":\"2026-06-16T16:04:51+00:00\",\"dateModified\":\"2026-06-23T15:07:41+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/#\\\/schema\\\/person\\\/a5b8f4894f9fd6a7a2f3742ba5688174\"},\"description\":\"A professional deep-dive into SME cyber risk, human error, supply chain exposure, legal duties, and cyber insurance strategy.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/#primaryimage\",\"url\":\"https:\\\/\\\/lamdabroking.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Small-and-medium-sized-businesses-are-under-cyber-attack.jpeg\",\"contentUrl\":\"https:\\\/\\\/lamdabroking.com\\\/wp-content\\\/uploads\\\/2026\\\/06\\\/Small-and-medium-sized-businesses-are-under-cyber-attack.jpeg\",\"width\":1600,\"height\":900,\"caption\":\"\u05dc\u05de\u05d4 \u05e2\u05e1\u05e7\u05d9\u05dd \u05e7\u05d8\u05e0\u05d9\u05dd \u05d5\u05d1\u05d9\u05e0\u05d5\u05e0\u05d9\u05d9\u05dd \u05de\u05d5\u05ea\u05e7\u05e4\u05d9\u05dd \u05d1\u05e1\u05d9\u05d9\u05d1\u05e8 \u05d9\u05d5\u05ea\u05e8 \u05de\u05d7\u05d1\u05e8\u05d5\u05ea \u05e2\u05e0\u05e7?\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/why-small-and-mid-sized-businesses-are-cyber-targets\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber insurance\",\"item\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/cyber-insurance\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Why SMBs Are Targeted More Often in Cyber Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/\",\"name\":\"Lamda - High Tech Insurance\",\"description\":\"Risk and Finance Management\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/#\\\/schema\\\/person\\\/a5b8f4894f9fd6a7a2f3742ba5688174\",\"name\":\"Oded Oded\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b963c1df1f438ebca5af4999ce87b49df17e02ee8c0229a090b47e0993913bb1?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b963c1df1f438ebca5af4999ce87b49df17e02ee8c0229a090b47e0993913bb1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/b963c1df1f438ebca5af4999ce87b49df17e02ee8c0229a090b47e0993913bb1?s=96&d=mm&r=g\",\"caption\":\"Oded Oded\"},\"url\":\"https:\\\/\\\/lamdabroking.com\\\/en\\\/author\\\/oded\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Why SMBs Are Targeted More Often in Cyber Attacks","description":"A professional deep-dive into SME cyber risk, human error, supply chain exposure, legal duties, and cyber insurance strategy.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/","og_locale":"en_US","og_type":"article","og_title":"Why SMBs Are Targeted More Often in Cyber Attacks","og_description":"A professional deep-dive into SME cyber risk, human error, supply chain exposure, legal duties, and cyber insurance strategy.","og_url":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/","og_site_name":"Lamda - High Tech Insurance","article_publisher":"https:\/\/www.facebook.com\/lamda.ins","article_published_time":"2026-06-16T16:04:51+00:00","article_modified_time":"2026-06-23T15:07:41+00:00","og_image":[{"width":1600,"height":900,"url":"https:\/\/lamdabroking.com\/wp-content\/uploads\/2026\/06\/Small-and-medium-sized-businesses-are-under-cyber-attack.jpeg","type":"image\/jpeg"}],"author":"Oded Oded","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Oded Oded","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/#article","isPartOf":{"@id":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/"},"author":{"name":"Oded Oded","@id":"https:\/\/lamdabroking.com\/en\/#\/schema\/person\/a5b8f4894f9fd6a7a2f3742ba5688174"},"headline":"Why SMBs Are Targeted More Often in Cyber Attacks","datePublished":"2026-06-16T16:04:51+00:00","dateModified":"2026-06-23T15:07:41+00:00","mainEntityOfPage":{"@id":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/"},"wordCount":2465,"image":{"@id":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/#primaryimage"},"thumbnailUrl":"https:\/\/lamdabroking.com\/wp-content\/uploads\/2026\/06\/Small-and-medium-sized-businesses-are-under-cyber-attack.jpeg","articleSection":["Articles"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/","url":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/","name":"Why SMBs Are Targeted More Often in Cyber Attacks","isPartOf":{"@id":"https:\/\/lamdabroking.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/#primaryimage"},"image":{"@id":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/#primaryimage"},"thumbnailUrl":"https:\/\/lamdabroking.com\/wp-content\/uploads\/2026\/06\/Small-and-medium-sized-businesses-are-under-cyber-attack.jpeg","datePublished":"2026-06-16T16:04:51+00:00","dateModified":"2026-06-23T15:07:41+00:00","author":{"@id":"https:\/\/lamdabroking.com\/en\/#\/schema\/person\/a5b8f4894f9fd6a7a2f3742ba5688174"},"description":"A professional deep-dive into SME cyber risk, human error, supply chain exposure, legal duties, and cyber insurance strategy.","breadcrumb":{"@id":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/#primaryimage","url":"https:\/\/lamdabroking.com\/wp-content\/uploads\/2026\/06\/Small-and-medium-sized-businesses-are-under-cyber-attack.jpeg","contentUrl":"https:\/\/lamdabroking.com\/wp-content\/uploads\/2026\/06\/Small-and-medium-sized-businesses-are-under-cyber-attack.jpeg","width":1600,"height":900,"caption":"\u05dc\u05de\u05d4 \u05e2\u05e1\u05e7\u05d9\u05dd \u05e7\u05d8\u05e0\u05d9\u05dd \u05d5\u05d1\u05d9\u05e0\u05d5\u05e0\u05d9\u05d9\u05dd \u05de\u05d5\u05ea\u05e7\u05e4\u05d9\u05dd \u05d1\u05e1\u05d9\u05d9\u05d1\u05e8 \u05d9\u05d5\u05ea\u05e8 \u05de\u05d7\u05d1\u05e8\u05d5\u05ea \u05e2\u05e0\u05e7?"},{"@type":"BreadcrumbList","@id":"https:\/\/lamdabroking.com\/en\/why-small-and-mid-sized-businesses-are-cyber-targets\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/lamdabroking.com\/en\/"},{"@type":"ListItem","position":2,"name":"Cyber insurance","item":"https:\/\/lamdabroking.com\/en\/cyber-insurance\/"},{"@type":"ListItem","position":3,"name":"Why SMBs Are Targeted More Often in Cyber Attacks"}]},{"@type":"WebSite","@id":"https:\/\/lamdabroking.com\/en\/#website","url":"https:\/\/lamdabroking.com\/en\/","name":"Lamda - High Tech Insurance","description":"Risk and Finance Management","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/lamdabroking.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/lamdabroking.com\/en\/#\/schema\/person\/a5b8f4894f9fd6a7a2f3742ba5688174","name":"Oded Oded","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/b963c1df1f438ebca5af4999ce87b49df17e02ee8c0229a090b47e0993913bb1?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/b963c1df1f438ebca5af4999ce87b49df17e02ee8c0229a090b47e0993913bb1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/b963c1df1f438ebca5af4999ce87b49df17e02ee8c0229a090b47e0993913bb1?s=96&d=mm&r=g","caption":"Oded Oded"},"url":"https:\/\/lamdabroking.com\/en\/author\/oded\/"}]}},"_links":{"self":[{"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/posts\/20087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/comments?post=20087"}],"version-history":[{"count":3,"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/posts\/20087\/revisions"}],"predecessor-version":[{"id":20093,"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/posts\/20087\/revisions\/20093"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/media\/20000"}],"wp:attachment":[{"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/media?parent=20087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/categories?post=20087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lamdabroking.com\/en\/wp-json\/wp\/v2\/tags?post=20087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}