The Equifax hack in 2017 showed the world that cybersecurity is a serious issue, one that if left unchecked could put an entire country’s information at risk. While this should have served as a wake-up call to every individual and every business, big and small, the truth is that small businesses in particular aren’t taking cyber security as seriously as they should.

Small businesses make fruitful targets for cyber attacks because of how cheap and accessible malware programs have become. This, in conjunction with a lack of knowledge on the part of many small business owners, means that many organizations lack the proper preparations to repel cyber attacks, attracting cyber criminals looking for a quick buck. These are just a few of the reasons small businesses should take cyber security more seriously.

1. Cybercrime has become much more accessible…

In the last couple of years, malware has become much more accessible and affordable for those who are inclined toward cybercrime. The “2017 State of Cybercrime Report” by SecureWorks shows that spam bots, preconfigured viruses, and even hacking as a service (HaaS) are now available at low cost. Not only that, but they are set up to be virtually plug-and-play, meaning that people who have little to no technical or cybercrime experience can jump right in and spearhead their own cyber attacks.

2. The rise of ransomware

One of these types of “ready-to-deploy” malware is ransomware. Upon infection, ransomware encrypts the user’s hard drive and demands payment, usually in bitcoin, before the criminal will unencrypt the files and release them back to the business or individual. If they decide not to pay, the files stay encrypted and inaccessible, or worse, will be deleted. Maryville University’s online cyber security resources mention that the average cost of these ransoms are around $300, though they can cost thousands more. Not only that, but the rise in popularity of ransomware is quite apparent — 4 million attacks detected in 2015, to 500 million in 2016.

3. Over half of all small businesses were hit in 2016…

While the SecureWorks cybercrime report shows that malware and HaaS are easier for criminals to access, Ponemon Institute’s 2016 State of SMB Cybersecurity Report  found that these criminals have actually been more successful than most realize. After surveying 600 IT leaders in small and medium sized businesses alike, Ponemon found that 50 percent of SMBs had been hit in the past 12 months. On top of that, only 14 percent of companies represented in the study rated their ability to defend against cyber attacks effectively.

4…Because small businesses think they’re already safe

One of the reasons (not necessarily the only reason, but one of them) that small businesses are becoming such desirable targets for cybercrime, is that many of them think they’re safe. Despite that only 14 percent of companies rated their ability to defend against cyber attacks as “effective”, a 2017 poll of 1,420 small business owners by Manta Media Inc. found that 87 percent felt that they were “not at risk” of cyber attack. The unfortunate reality is that when you don’t feel the urge to safeguard against cyber criminals, it becomes much easier for them to breach your security and steal your data.

5. Cyber-attacks can be worse for small businesses

One of the reasons that small business owners should take more care against cyber threats is that they’re not only less-prepared to protect against attacks, but they’re less prepared to deal with the aftermath. ECPI’s blog makes the point that 31 percent of small business owners have no cyber security software of any kind. Not only that, but somewhere around 60 percent of small businesses that are hit by cyber attacks go out of business within six months.

6. Your employees are putting you in danger

Not only are small business owners ill-prepared to face cyberthreats, their employees actually may be unknowingly aiding cyber criminals in their exploits. In fact, phishing and social engineering attacks are one of the ways that criminals exploit their victims before deploying malware. Eastern Kentucky University reports that 70 percent of health and business organizations stated that human error is a top threat to information security. Educating and training your employees against threats should be a priority to keep your business safe.

There are plenty of reasons that small businesses should take cybersecurity more seriously, but these six should serve as more than enough to spark small business leaders into action. The fact of the matter is that you shouldn’t be wondering if you’ll be on the receiving end of a cyber attack; you should be wondering when you will. Preparation is the only thing separating those who will be permanently crippled by these criminals, and those who will bounce back with minor harm. Which one will you be?

Andrew Heikkila is an entrepreneur, artist, and writer from Idaho. He likes to cover global issues in business, the Millennial workforce, and leadership topics. When he’s not enjoying habanero pizza and craft beer, you can find him on a run in the beautiful foothills above Boise. Follow Andrew on Twitter @AndyO_TheHammer