According to the latest survey by the Identity Theft Resource Center (ITRC), small businesses are facing an unprecedented cybersecurity crisis. The report shows that in 2025, as many as 80% of small businesses have experienced cyber fraud or data breaches, with nearly half (41%) of the attacks directly driven by artificial intelligence. This number has seen a significant leap compared to 2024, when AI was not even listed as a major attack vector.

Hackers are using generative AI to create highly deceptive social engineering attacks, mimicking the tone and background of internal communications, making the scams difficult to distinguish from real ones. The involvement of AI not only lowers the technical barriers for attacks but also enables large-scale, automated precision "bombing." Financial losses are equally alarming, with about 37% of affected businesses suffering losses exceeding $500,000 per incident.

Facing high legal costs, fines, and security repair expenses, about 38% of affected small businesses choose to pass on the losses by increasing product or service prices. Concerningly, despite the escalating threats, the basic defense capabilities of small businesses have actually regressed. The survey found that the adoption rate of multi-factor authentication (MFA) has dropped from 33% to 27%. Experts warn that this "defense fatigue" is making small businesses an easier target in the AI era.

Key Points:

  • 🚨 Alarming Victim Proportion: In 2025, 80% of small businesses were hit by cyberattacks, with AI-driven attacks jumping from almost zero in 2024 to 41%.

  • 💰 Inflationary Chain Reaction: Affected by the high cost of cybercrime, nearly 40% of victims have increased prices to recover losses, with cybercrime becoming an invisible driver of inflation.

  • 🛡️ Weakening Security Defense: The adoption rate of multi-factor authentication (MFA) among small businesses has declined, exposing significant security vulnerabilities against automated AI attacks.