7 Cybersecurity Stats That Every Small Business Should Know in 2023



If you’re a decision-maker at a small business, the days of casually learning about cybersecurity are over. Data breaches and hacking incidents were already trending upward; then the pandemic changed everything.

The move to remote working shifted the security landscape in ways we’re still trying to calculate. But one thing is certain: hacking incidents are way up, especially for small businesses.

Let’s look at some more startling statistics revealing this truth.

7 Eye-Popping Cybersecurity Statistics Regarding Small Businesses

1. Small businesses saw a 424% increase in cyberattacks last year

When we say hackers were busy last year, we weren’t lying. According to Fundera, hacking incidents against small businesses increased five-fold in 2020.

In total, these types of attacks grew by 424%. Why would hackers target smaller businesses with less money to pay ransoms? You might be able to guess after reading on.


2. One-third of small businesses report using free, consumer-grade cybersecurity

While most major corporations are becoming aware of the realities of cyber breaches, many small businesses still have their proverbial heads in the sand.

A 2020 study by BullGuard revealed that a third of businesses with 50 or fewer employees reported using free, consumer-grade cybersecurity to protect themselves. One in five of these companies had no endpoint security at all.

It’s no wonder that hackers have increasingly targeted small businesses. Just like predators in the wild, hackers are targeting the weakest links. And right now, small businesses are the easiest prey.

3. 60% of small businesses think they’re unlikely to be attacked

Despite the massive increase in cyberattacks on SMBs and the devastating costs of experiencing such an attack, most small businesses still think it can’t happen to them.

60% of the small business owners surveyed by BullGuard assumed their companies were an unlikely target of cybercriminals.

Newsflash: cybercriminals don’t care what type of business you run. As long as there is sensitive data to be stolen, they will likely try, at some point, to take it.

4. The average cost of insider-related cyber incidents was $7.68 million

I know. That probably looks like a typo, but it isn’t. According to IBM and the Ponemon Institute’s The Cost of Insider Threats Global Report 2020, the average cost of an insider threat to small organizations (500 employees or fewer) was $7.68 million.

The biggest insider threat to an organization is negligence, likely caused by a lack of employee training.

The top causes behind insider threats. | Source: IBM/Ponemon Institute

5. Ransomware is the most common threat to small businesses

Ransomware is the single largest cybersecurity threat to small businesses. And according to Datto’s Global State of the Channel Ransomware Report, it wasn’t even close.

According to the report, 85% of managed service providers (MSPs) concluded ransomware was the most common threat to small businesses in 2019.

Ransomware is the top threat to small businesses. | Source: Datto

The study revealed that 89% of MSPs were “very concerned” about the threat of ransomware attacks. Sadly, only 28% of their small business clients felt the same.

6. 60% of companies go out of business within six months of a security breach

Considering the exorbitant costs of getting hacked, this should come as no surprise. According to the National Cyber Security Alliance, 60% of companies go out of business within six months after falling victim to a data breach.

This research was done in 2015, so the numbers may have risen since then.

7. Phishing is the top threat action for 30% of organizations

While ransomware is one of the most common payloads attackers deploy on a network, phishing is the most common way for them to get into the network in the first place.

According to Verizon’s 2020 Data Breach Investigations Report, phishing was the top action in breaches of small organizations (and large ones).

Phishing was followed by stolen credentials as the top action taken in breaches. | Source: Verizon

Some of the biggest hacks we saw over the last year involved phishing. A Florida teenager tweeted a bitcoin scam from celebrity accounts such as Barack Obama and Elon Musk after infiltrating Twitter employees’ accounts via spear phishing.

Three North Korean hackers were recently charged with stealing millions of dollars from banks worldwide. They also used spear-phishing techniques.

How to Protect Your Company

Decision-makers at small businesses need to start treating cybersecurity with the gravity it deserves. As we’ve seen, if you wait until you’re attacked, it might be too late.

Luckily, there are steps you can take to help mitigate the risk.

  • Require long, varied passwords for any sensitive accounts
  • Enable two-factor authentication for any sensitive accounts
  • Invest in basic cybersecurity training so employees can avoid common pitfalls such as social engineering
  • Install and regularly update anti-virus software
  • Limit employees’ access to sensitive data
  • Conduct regular vulnerability tests and risk assessments

While these pointers are helpful, they’re only the tip of the iceberg. If you want to prepare your employees, invest in training and create a security culture at your business.

Featured image by Den Rise from Shutterstock.com