WHAT THE DATA SAYS
Still not convinced? Here are some
statistics on small and medium
sized businesses as it relates to
cyber-attack.
Why are Small & Medium
Business (SMBs) in the cross hairs
of hackers? Many would assume
that these are not prime targets, but
statistically speaking, SMBs are at
great risk, and hackers spend a
significant amount of time trying
to pick their locks.
•  43% of cyber-attacks target small
business.
•  47% of small businesses had at
least one cyber-attack in the past
year, 44% of those had two to
four attacks.
•  70% of small businesses are
unprepared to deal with a cyber-
attack.
•  3 out of 4 small businesses say
they do not have sufficient
personnel to address IT security.
•  66% of small businesses are very
concerned about cyber security
risk.
•  85% of small businesses plan to
increase spending on managed
security services.
•  51% of small businesses say they
are not allocating any budget to
cyber security.
•  58% of malware attack victims
are categorized as small
businesses.
YOUR BEST LINE OF DEFENSE IS
A GOOD OFFENSE
As cyber threats continue to grow
in complexity and frequency,
partnering with a trusted
cybersecurity firm is one of the
most important investments a golf
course operation can make. So,
how do you find the right one?
Start by seeking out companies
with experience in small to mid-
sized businesses, ideally those
familiar with hospitality or retail-
style environments. Ask for client
references, certifications (such as
CISSP, CISM, or CompTIA
22
Golf Business Canada
Recent Cyber Attacks on Golf Courses
Reported incidents in the golf industry (USA Based). NOTE: many more
incidents go unreported due to the ownership of the clubs being
private.
• Arkansas, USA – Bella Vista Golf Club; August 2024
A ransomware attack hit Bella Vista Golf Club, disrupting
operations and resulting in an estimated US $132,000 in recovery
costs. Source: Local news coverage, August 2024
•  United States – American Golf Corporation; July 12, 2024
The MEDUSA ransomware group allegedly exfiltrated ~155 GB of
data, including emails, member records, credentials, and financial
documents, and demanded a US $2 million ransom (increased by
US $100,000 daily). Source: Cyber Express, July 2024
•  California, USA – San Jose Country Club; June 10, 2025
The MEDUSA ransomware group reportedly breached the private
club’s IT systems, exfiltrating ~117 GB of data containing employee
and client personal information (addresses, SSNs, payroll, etc.),
and set a ransom deadline of June 30, 2025, for US $150,000.
Source: Cyber Security News, June 2025
Security+), compliance with Canadian Centre for Cyber Security (CCCS)
guidelines and a clear explanation of their approach to risk assessment,
prevention, and incident response.
A good cybersecurity partner will take the time to understand your
operation, tailor solutions to your needs, and work alongside you to
build a resilient infrastructure. Key questions you should ask of any
cybersecurity firm would include:
•  How do you stay ahead of emerging threats?
•  Do you offer 24/7 monitoring and incident response?
•  What is your process for backing up and restoring data?
•  How will you support employee training and awareness?
•  Do you conduct routine security audits and vulnerability assessments?
Speaking of training, this is not a “set it and forget it” item. As
mentioned earlier, human error is still the number one cause of data
breaches, which means regular staff training is vital. Consider
implementing short, interactive cybersecurity sessions on a weekly or bi-
weekly basis. These should cover phishing awareness, password hygiene,
data handling procedures, and include mock attack scenarios. Even
10-minute “cyber drills” during staff meetings can have a meaningful
impact.
Cybersecurity is not solely an IT issue; it is a business continuity
issue. Taking a proactive approach now protects your golf operation,
your customers/members, and your reputation. As digital threats evolve,
so too must our defenses. With the right partner and practices in place,
your golf course can stay focused on delivering memorable experiences,
not managing digital disasters.
G Gol olf f
B Bu usi sin ness ess
Canad Canada a