(WHTM) — October is Cybersecurity Awareness Month. Cyber attacks can be catastrophic for businesses.

“They’ll keep coming back until they get in,” said Chris Roberti, senior vice president for cyber, space, and national security policy at the U.S. Chamber of Commerce. “We have to be good all the time. They have to be good only once.”

“They” are hackers, and they are getting really good at attacking businesses, costing companies big bucks. Roberti said the most common cyber attack is when a hacker breaches a system and demands money to go away.

“Those types of attacks can be very debilitating because it essentially shuts companies down, or even government agencies where we’ve seen significant ransomware attacks,” Roberti said.

The average downtime for a company when something like that happens is 21 days, but the average time to fully recover from this type of attack is 280 days.

Many times, it’s even worse. Roberti said, “50% of small businesses don’t recover from ransomware attacks.”

Another growing attack: business email compromise. In this situation, Roberti said, “The threat actor gets into your systems, observes how people interact over email, and then will put in a fraudulent request for payment.” Roberti said those types of attacks are often successful and can cost victims billions of dollars.

The attacks can harm people without businesses, too, Roberti said. “You should care about it because as an individual, your data is at risk, your personal identifiable information, which can be used to commit fraud. Separately, your bank accounts could be at risk if you’re not taking steps to protect yourself,” Roberti explained.

As far as protecting yourself goes, experts recommend:

  • Recognize the threat
  • Change your passwords often
  • Regularly update your systems
  • Back up and encrypt your data

They’re simple steps that may save you in the long run because these attacks are costly, and not just in terms of money.

Get the latest Pennsylvania politics and election news with Your Local Election HQ.

“In May ’21, Harrisburg’s government suffered a cyber attack which caused the town council to have to direct funds for new equipment and software to strengthen your cyber infrastructure. It may not be a specific dollar payment amount, but it causes disruption that causes impact to services, delivery of services, whether that be hospitals or police departments or you name it,” Roberti said.

The other frustrating part — it’s very difficult to catch the people behind these attacks. Often, they are not even in the U.S. That’s why the Chamber of Commerce says it’s important for the government and the private sector to work together to identify threats.