Common Types of Cyber Attacks

Topics: Cyber Liability

Summary: Cyber attacks can not only damage a small business’s reputation, but also cause them to completely close down. We’ll take a look at some of the common types of cyber attacks threatening small businesses to help owners stay informed – and help prevent falling victim to one.

The most common cyber attacks include:
  • Social Engineering Scams
  • Malware
  • Botnets
  • Denial-of-Service
  • SQL Injections and Other Web Application Attacks
The statistics surrounding cyber attacks are startling. 2019 was one of the worst years for data breaches, with over 164 million sensitive records exposed. Three breaches in 2019 made the list of the ten largest breaches of all time. Cybercriminals, or hackers, attack computers connected to the internet at a near-constant rate, an average of every 39 seconds.

One of the first steps in preventing data breaches is understanding what a cyber attack is and learning about some of the common cybersecurity threats facing businesses. It’s not just large corporations who are at risk; small and mid-sized companies are often targets due to a lack of cybersecurity measures in place. Small businesses should consider purchasing cyber liability insurance to protect themselves if they do suffer a cyber attack.

A Few Types of Cyber Attacks and Cybersecurity Threats

Cyber attacks threaten businesses every day, often resulting in damages of $200,000 or more. A cyber attack is a deliberate assault on a computer system or network that uses malicious code to make unwanted modifications or steal data. Some of the most common examples of cyber attacks include the following:

Social Engineering Scams

Cybercriminals have been taking advantage of the fact that many employees have been working remotely since the start of the COVID-19 pandemic. They’re able to commit their cyber crimes through social engineering scams – the act of deceiving or manipulating someone into divulging confidential or personal information to use for fraudulent purposes.

Social engineering scams come in many forms, including phishing scams sent via email to collect sensitive data, baiting scams that infect a computer with malware after the user downloads free music or movies, caller ID spoofing and more.


Malware, or “malicious software,” is a type of cyber attack that installs dangerous software on a user’s computer after the user clicks a harmful link or opens an email attachment. Malware is able to essentially lock down the computer, blocking access to files and other key components of the network, and obtain sensitive information. According to a report from Verizon, 94% of all malware cases in 2019 arrived on computers via email.

One common form of malware is ransomware, which blocks access to the system until a sum of money is paid or another action is completed. Other types of malware include Trojan horses, malicious programs designed to look like typical software that tricks users into installing it, and a drive-by attack, where a malicious script is planted into an insecure website that will redirect the user to a site controller by the hacker.

SQL Injections and Other Web Application Attacks

A Structured Query Language (SQL) injection is a cyber attack that involves a hacker “injecting” malicious code into a service that uses SQL, forcing it to expose information it would normally not display, including customer details, user lists and other confidential company data.

Similar web attacks to SQL injections include cross-site scripting (XSS), where the attacker embeds malicious JavaScript to target the website’s database, and cross-site request forgery (CSRF or XSRF), where a hacker tricks a valid user into performing unsolicited actions on a website or application without the user’s consent.


A denial-of-service (DoS) attack occurs when hackers overload a system’s resources and cause it to become unresponsive to service requests. In other words, these attacks can shut down the system and make it inaccessible to authorized users. Likewise, a distributed denial-of-service (DDoS) attack also targets the system’s resources, but the source comes from a larger amount of host machines, all infected and under control of the cybercriminal.

DoS and DDoS attacks can completely debilitate a website, especially when working in partnership with botnets. These breaches can also make the system vulnerable to a future attack. There are several different types of DoS and DDoS attacks.


A botnet uses bots, or robots, and exists across a network of devices, comprising personal computers and other devices. Botnets drive various types of cyber attacks that can be used to steal personal information and passwords, spread spam and deliver viruses. They’re cheap and effective for cybercriminals to utilize, and as mentioned above, can also facilitate a DoS attack, flooding a webpage with traffic to ensure the site goes offline.

How do Cyber Attacks Affect Small Businesses?

The above types of cyber attacks are just a few examples of the threats businesses can face. With cyber crime growing and becoming more advanced every year, it’s more important than ever that small businesses understand how these types of attacks can impact their operations – and take the proper steps to protect themselves.

Sixty percent of small businesses that fall victim to a cyber attack go out of business in six months. This is especially true for companies that do not have a data breach response plan in place. The effects of cyber attacks can be long-lasting and devastating, and can lead to:

  • Extra expenses to keep the business operating and to notify all parties involved of the breach
  • Loss of income due to business being shut down from the cyber attack for any amount of time
  • Damaged electronic data stored on computers that can be extremely time-consuming to replace
  • Possible lawsuits due to stolen data
  • A damaged reputation, as customers may be hesitant to do business with a company they may see as careless

Protect Your Small Business from Cyber Attacks with Cyber Liability Insurance

AmTrust Financial offers cyber liability insurance to help protect small businesses from some of the costs associated with a variety of cybersecurity attacks. AmTrust is committed to evolving our coverage as new cyber threats emerge for our customers. To learn more about our cyber liability insurance policies, please contact us today.

This material is for informational purposes only and is not legal or business advice. Neither AmTrust Financial Services, Inc. nor any of its subsidiaries or affiliates represents or warrants that the information contained herein is appropriate or suitable for any specific business or legal purpose. Readers seeking resolution of specific questions should consult their business and/or legal advisors. Coverages may vary by location. Contact your local RSM for more information.

Time Zones