- Today
- Holidays
- Birthdays
- Reminders
- Cities
- Atlanta
- Austin
- Baltimore
- Berwyn
- Beverly Hills
- Birmingham
- Boston
- Brooklyn
- Buffalo
- Charlotte
- Chicago
- Cincinnati
- Cleveland
- Columbus
- Dallas
- Denver
- Detroit
- Fort Worth
- Houston
- Indianapolis
- Knoxville
- Las Vegas
- Los Angeles
- Louisville
- Madison
- Memphis
- Miami
- Milwaukee
- Minneapolis
- Nashville
- New Orleans
- New York
- Omaha
- Orlando
- Philadelphia
- Phoenix
- Pittsburgh
- Portland
- Raleigh
- Richmond
- Rutherford
- Sacramento
- Salt Lake City
- San Antonio
- San Diego
- San Francisco
- San Jose
- Seattle
- Tampa
- Tucson
- Washington
4 Out of 5 Small Businesses Have No Plan If They Get Hacked -- And Most Don't Know It
Cybersecurity gaps found in law firms, insurance agencies, and media companies with confidential client data
Published on Mar. 10, 2026
Got story updates? Submit your updates here. ›
A new report from cybersecurity firm JubilantWeb found that 79% of small businesses assessed had no written incident response plan in case of a cyberattack, 68% did not have multi-factor authentication fully deployed, 61% were only backing up data locally, 57% lacked proper email domain authentication, and 52% were relying on outdated endpoint protection. The firm says these gaps are common in industries like law, insurance, and media that handle high volumes of sensitive client data, and that most can be fixed quickly with the right guidance.
Why it matters
Small businesses are increasingly targeted by cybercriminals, but many lack the resources and expertise to properly secure their systems and data. This report highlights how even basic cybersecurity measures are often overlooked, leaving companies vulnerable to damaging attacks that can compromise sensitive information and cripple operations.
The details
JubilantWeb's Security Baseline Analyzer tool assessed businesses ranging from 10 to 250 employees across Florida, New York, New Jersey, and Colombia between 2024 and 2026. The analysis found that 79% of companies had no written incident response plan, 68% did not have multi-factor authentication fully deployed, 61% were only backing up data locally, 57% lacked proper email domain authentication, and 52% were relying on outdated antivirus software. These gaps were most common in industries like law, insurance, and media that handle large volumes of confidential client data, often without a dedicated IT person monitoring for problems.
- The analysis was conducted between Q1 2024 and Q1 2026.
The players
JubilantWeb
A cybersecurity firm that has been helping B2B businesses manage IT infrastructure, cloud security, and digital marketing since 2007. The firm is based in Orlando, Florida and works with businesses across Florida, New York, and internationally.
Nelson Penagos
The founder of JubilantWeb.
What they’re saying
“The businesses we assessed are not careless — they're busy. The gaps we find are on the business side, and most of them can be fixed in days, not months.”
— Nelson Penagos, Founder of JubilantWeb
“A 20-attorney law firm is managing discovery documents, settlement records, and client financials on shared drives with no one monitoring access. The fix is often simpler than people expect — but only if you know where to look.”
— Nelson Penagos, Founder of JubilantWeb
What’s next
Businesses can request a complimentary Security Baseline Assessment from JubilantWeb to identify and address cybersecurity gaps.
The takeaway
This report underscores the cybersecurity vulnerabilities facing many small businesses, especially in industries that handle sensitive client data. While the fixes may be straightforward, the first step is recognizing where the gaps exist so they can be addressed before a damaging attack occurs.
