Cyberattacks against small businesses have been on the rise in recent years. Despite the attitude among many small business owners that hackers only go after behemoths, smaller companies make increasingly attractive prey. In fact, certain types of attacks–social engineering attacks, like phishing, for example–are much more commonly aimed at small businesses.
Cybercriminals assume that weaker security measures will make small businesses easier to crack than larger enterprises. Small businesses are generally not financially prepared for an attack, and most lack cyber insurance. For many smaller companies, a successful cyberattack may even put them out of business.
Slowly, small businesses are waking up to the reality that they are targets, just like larger companies. They are increasingly strengthening their security posture with tools and practices that minimize their risk of being breached.
We’ve gathered the most recent cybersecurity statistics relevant to small businesses. Read on to find out exactly what they are up against and what steps they can take to defend themselves.
Easy Small Business Cybersecurity Statistics Finder
1. 46% of all cyber breaches impact businesses with fewer than 1,000 employees.
2. 61% of SMBs were the target of a Cyberattack in 2021.
3. At 18%, malware is the most common type of cyberattack aimed at small businesses.
4. 82% of ransomware attacks in 2021 were against companies with fewer than 1,000 employees.
5. 37% of companies hit by ransomware had fewer than 100 employees.
6. Small businesses receive the highest rate of targeted malicious emails at one in 323.
7. Employees of small businesses experience 350% more social engineering attacks than those at larger enterprises.
8. 87% of small businesses have customer data that could be compromised in an attack.
9. 27% of small businesses with no cybersecurity protections at all collect customers’ credit card info.
10. 55% of people in the U.S. would be less likely to continue doing business with companies that are breached.
11. 95% of cybersecurity incidents at SMBs cost between $826 and $653,587.
12. 50% of SMBs report that it took 24 hours or longer to recover from an attack.
13. 51% of small businesses said their website was down for 8 – 24 hours.
14. In 2020 alone, there were over 700,000 attacks against small businesses, totaling $2.8 billion in damages.
15. Nearly 40% of small businesses reported they lost crucial data as a result of an attack.
16. 51% of small businesses that fall victim to ransomware pay the money.
17. 75% of SMBs could not continue operating if they were hit with ransomware.
18. Just 17% of small businesses have cyber insurance.
19. 48% of companies with insurance did not purchase it until after an attack.
20. 64% of all small businesses are not familiar with cyber insurance.
21. 47% of businesses with fewer than 50 employees have no cybersecurity budget.
22. 51% of small businesses have no cybersecurity measures in place at all.
23. 36% of small businesses are “not at all concerned” about cyberattacks.
24. 59% of small business owners with no cybersecurity measures in place believe their business is too small to be attacked.
25. Only 17% of small businesses encrypt data.
26. 20% of small businesses have implemented multi-factor authentication.
27. 80% of all hacking incidents involve compromised credentials or passwords.
28. One-third of small businesses with 50 or fewer employees rely on free, consumer-grade cybersecurity solutions.
29. 76% of small businesses that increased cybersecurity spending cited rising fear of new threats.
30. 42% of small businesses have revised their cybersecurity plan since the COVID-19 pandemic.
31. Nearly half of small businesses spend less than $1,500 monthly on cybersecurity.
32. 22% of small businesses increased cybersecurity spending in 2021.
33. SMBs spend 5% to 20% of their total IT budget on security.
34. 29% of businesses that suffered a breach responded by hiring a cybersecurity firm or dedicated IT staff.
35. Antivirus software (58%), firewalls (49%), VPNs (44%), and password management (39%) are the top four cybersecurity tools SMBs are adopting.
