7 Cybersecurity Stats That Every Small Business Should Know in 2023
If you’re a decision-maker at a small business, the days of casually learning about cybersecurity are over. Data breaches and hacking incidents were already trending; the pandemic changed everything.
The move to remote working shifted the security landscape in ways we’re still trying to calculate. But one thing is certain; hacking incidents are way up, especially for small businesses.
Let’s look at some more startling statistics revealing this truth.
7 Eye-Popping Cybersecurity Statistics Regarding Small Businesses
1. Small businesses saw a 424% increase in cyberattacks last year
When we say hackers were busy last year, we weren’t lying. According to Fundera, hacking incidents against small businesses increased five-fold in 2020.
In total, these types of attacks grew by 424%. Why would hackers target smaller businesses with less money to pay ransoms? You might be able to guess after reading on.
Check out how easy it is for hackers to infiltrate a company:
2. One-third of small businesses report using free, consumer-grade cybersecurity
While most major corporations are becoming aware of the realities of cyber breaches, many small businesses still have their proverbial heads in the sand.
A 2020 study by BullGuard revealed that a third of businesses with 50 or fewer employees reported using free, consumer-grade cybersecurity to protect themselves. One in five of these companies had no endpoint security at all.
It’s no wonder that hackers have increasingly targeted small businesses. Just like predators in the wild, hackers are targeting the weakest links. And right now, small businesses are the easiest prey.
3. 60% of small businesses think they’re unlikely to be attacked
Despite the massive increase in cyberattacks on SMBs and the devastating costs of experiencing such an attack, most small businesses still think it can’t happen to them.
60% of the small business owners surveyed by BullGuard assumed their companies were an unlikely target of cybercriminals.
Newsflash: cyber criminals don’t care what type of business you run. As long as there is sensitive data to be stolen, they will likely try, at some point, to take it.
4. The average cost of insider-related cyber incidents was $7.68 million
I know. That probably looks like a typo, but it isn’t. According to IBM and the Ponemon Institute’s The Cost of Insider Threats Global Report 2020, the average cost of an insider threat to small organizations (500 employees or less) was $7.68 million.
The biggest insider threat to an organization is negligence, likely caused by a lack of employee training.
5. Ransomware is the most common threat to small businesses
Ransomware is the single largest cybersecurity threat to small businesses. And according to Datto’s Global State of the Channel Ransomware Report, it wasn’t even close.
According to the report, 85% of managed service providers (MSPs) concluded ransomware was the most common threat to small businesses in 2019.
The study revealed that 89% of MSPs were “very concerned” about the threat of ransomware attacks. Sadly, only 28% of their small business clients felt the same.
6. 60% of companies go out of business six months after a security breach
Considering the exorbitant costs of getting hacked, this should come as no surprise. According to the National Cyber Security Alliance, 60% of companies go out of business within six months after falling victim to a data breach.
This research was done in 2015, so the numbers may have risen since then.
7. Phishing is the top threat action for 30% of organizations
While ransomware is one of the most common ways to infect a network, phishing is the most common way for hackers to infiltrate a network in the first place.
According to Verizon’s 2020 Data Breach Investigations Report, phishing was the top action in breaches of small organizations (and large ones).
Some of the biggest hacks we saw over the last year involved phishing. A Florida teenager tweeted a bitcoin scam from celebrity accounts such as Barack Obama and Elon Musk after infiltrating Twitter employees’ accounts via spear phishing.
Three North Korean hackers were recently charged with stealing millions of dollars from banks worldwide. They also used spear-phishing techniques.
How to Protect Your Company
Decision-makers at small businesses need to start treating cybersecurity with the gravity it deserves. As we’ve seen, if you wait until you’re attacked, it might be too late.
Luckily, there are steps you can take to help mitigate the risk.
- Require long, varied passwords for any sensitive accounts
- Enable two-factor authentication for any sensitive accounts
- Invest in basic cybersecurity training so employees can avoid common pitfalls such as social engineering
- Install and regularly update anti-virus software
- Limit employees’ access to sensitive data
- Conduct regular vulnerability tests and risk assessments
While these pointers are helpful, they’re only the tip of the iceberg. If you want to prepare your employees, invest in training and create a security culture at your business.
Featured image by Den Rise from Shutterstock.com