As a whopping 80% of small businesses report falling victim to cybercrime in 2025, the Identity Theft Resource Center (ITRC) highlights a growing “cyber tax” phenomenon – when companies are forced to raise prices to address the financial impact of an incident.
In its recent 2025 Business Impact Report, the ITRC surveyed 662 small business owners or executives at companies with 500 or fewer employees. In total, 81% of businesses reported suffering a security breach, a data breach, or both in the past year. Interestingly, AI-powered attacks were identified as a root cause in over 40% of the incidents.
Among the breached entities, 62.5% suffered financial losses (such as lost revenue, fines, and recovery costs) of more than $250,000, while more than a third of the victims (36.7%) grappled with losses of over $500,000.
How do businesses finance their road to recovery? This time around, 38.3% of small business leaders (nearly four in 10) admitted that they had to hike prices, which creates what the ITRC referred to as “a hidden cyber tax.”
In addition, business leaders are reporting being far less confident about their cybersecurity preparedness. In 2024, 56.5% felt "very prepared" for a cyberattack, while in 2025, that number dropped to 38.4%.
Although businesses are increasingly more doubtful about their readiness to tackle a cyberattack, the adoption of basic – and often critical – security measures lags behind. In 2024, 33.6% of business leaders reported implementing robust security measures (like multi-factor authentication), while in 2025, it was only 27.2%.
"The current landscape is not a fair fight and presents both a drag on our economy and a threat to national security," said James E. Lee, President of the Identity Theft Resource Center. "Our national economy is linked to the cybersecurity of our small business community. The data in this report is startling and should be a wake-up call for everyone."
"We cannot treat cybersecurity as a cost of doing business that only falls on the shoulders of individual entrepreneurs, their employees and customers whose lives and livelihoods are impacted," Lee continued.
"It is a national economic imperative that requires serious dialogue and action about the role of public policy in leveling the playing field by exploring state and federal initiatives, along with public-private partnerships, to alleviate this burden."
In 2024, experts predicted that the cost of cybercrime would reach $12 trillion by 2025, expecting to see a rise in AI-enabled attacks.
Your email address will not be published. Required fields are markedmarked