---
id: "claim-smb-breach-cost"
type: "claim"
source_timestamps: ["¶6"]
tags: ["financial-impact", "statistics"]
related: ["concept-smb-cyber-risk-asymmetry", "entity-microsoft"]
confidence: "high"
testable: true
sources: ["governance"]
sourceVaultSlug: "hbr-seg-governance"
originDay: 7
articleStem: "hbr-sig-57-smb-cyber-risk"
sourceUrl: "https://hbr.org/2026/06/ai-is-changing-cyber-risk-heres-how-smbs-can-respond"
sourceTitle: "AI Is Changing Cyber Risk. Here’s How SMBs Can Respond."
---
# The average cyberattack costs an SMB over $250,000

**Claim:** Citing [[entity-microsoft-d7|Microsoft]] research, the source states the average cost of a cyberattack for an SMB exceeds **$250,000**, with extreme cases reaching as high as **$7 million**. It anchors the resource gap in [[concept-smb-cyber-risk-asymmetry]].

**Source confidence:** high. **Testable:** yes.

> [!check] Enrichment validation — DIRECTIONALLY ACCURATE, NUMERICALLY APPROXIMATE
> Industry summaries of Microsoft-sponsored SMB studies report average breach costs in the >$120k–$200k range, with higher-end incidents reaching $1M+; some secondary articles cite $250k+ as representative. Insurer/MSSP reports frequently cite six-figure average losses with upper-tail losses in the millions. The order of magnitude is consistent, but the exact "$250,000 average / up to $7M" appears to be a rounded, synthesized figure not tied to a single definitive public Microsoft report. Use as a representative benchmark, not a canonical constant.


## Related across articles
- [[claim-cybercrime-losses-increasing]]
