Cyber Tax Raises Consumer Prices After Breaches, Podcast Warns
Malwarebytes Lock and Code podcast: Eva Velasquez details how small business cyberattacks create a 'cyber tax' that raises prices for all consumers — no sector immune.
Executive Summary
Cyberattacks on small businesses are driving up consumer prices across multiple industries, according to Eva Velasquez, president of the Identity Theft Resource Center, speaking on Malwarebytes' Lock and Code podcast (Season 7, Episode 9). Velasquez described a "cyber tax" — the cost of incident response, legal fees, regulatory fines, and reputational damage that businesses pass to customers after a breach. The episode, published May 4, 2026, argues that no sector is immune from these downstream price increases.
Technical Analysis
Velasquez outlined how small and medium-sized businesses (SMBs) — which often lack dedicated security teams — bear disproportionate costs per incident relative to revenue. A single ransomware attack or data breach can cost an SMB tens of thousands of dollars in forensics, ransom payments, notification costs, and credit monitoring. These expenses are frequently recouped through higher prices on goods or services, effectively spreading the financial burden to all consumers, not just those whose data was compromised.
The podcast did not cite specific incident data or CVE IDs, but Velasquez referenced the broader trend of supply-chain compromises where a breach at a small vendor cascades to larger partners. The "cyber tax" concept aligns with research from the National Cyber Security Alliance and the Identity Theft Resource Center indicating that 60% of small businesses that suffer a cyberattack go out of business within six months — those that survive often raise prices.
Mitigations & Recommendations
While the podcast did not offer technical mitigations, Velasquez recommended that small business owners invest in basic cyber hygiene — multi-factor authentication, regular backups, employee phishing training — and consider cyber insurance to offset incident costs. Defenders should monitor supply-chain relationships for third-party risk, as a breach at a small vendor can impact larger organizations that rely on them.
Stay Updated
Get the latest cybersecurity news delivered to your inbox.
