Small businesses account for 43% of cyber attacks annually and 46% of cyber attacks were small businesses with 1,000 or fewer employees. On average, small and medium-sized businesses (SMBs) lose $25,000 due to cyber attacks. In 2020, small businesses faced over 700,000 attacks which caused a total of $2.8 billion in damages.
Over the past twelve months, there has been a dramatic spike in cyber attacks against small businesses. Unfortunately, this trend is only going to continue in the years to come. As small businesses move their operations to the cloud and adopt more advanced technologies, they become increasingly vulnerable to attack.
With the current state of affairs, small business owners must be conscious of the dangers that their businesses face and take precautionary measures. In this article, we will discuss 39 plus small business cyber attack statistics 2023 and what you can do about them!
Top Small Business Cyber Attack Statistics 2023
Here are the top statistics for 2023, involving small businesses and cyber attacks that affect them:
- Accenture’s Cybercrime study reveals that nearly 43% of cyber-attacks are targeted at SMBs.
- Only 14% of these accounted SMBs are prepared to face such an attack.
- On average, SMBs spend between $826 and $653,587 on cybersecurity incidents.
- 95% of cybersecurity breaches are attributed to human error. (World Economic Forum)
- The next five years are due to see a 15% increase in cybercrime costs reaching 10.5 trillion by 2025.
Importance of Security Awareness for Small Businesses
Regardless of the size, shape, or industry, your small business belongs to, attackers are targeting businesses with security vulnerabilities. Recent statistics show that small businesses accounted for 58% of all reported cyber attacks in 2020. The increasing number of internet-based businesses is a cause for alarm that all small business owners should take into consideration.
Unfortunately, small business owners often have limited resources to dedicate to cybersecurity, which makes them even more vulnerable to attack. It is crucial for small businesses to prioritize security awareness and make sure their employees are properly trained on cybersecurity best practices.
30 Crucial Statistics Around Cyber Attacks on Small Businesses
1. Cyberattacks against the United States more than doubled in 2020, accounting for 46% of all such attacks globally. (Microsoft)
2. Cybersecurity risks are on the rise for business leaders, with 68% feeling confident that their risks are increasing. (Accenture)
In the post-Covid era, cyber risks have changed. More and more businesses are leaning towards a bring-your-own-device model, and tons of applications are being used on an enterprise-wide scale as well as on a personal level. Too many people have access that they do not need and many people are signed into applications that they haven’t used in months. All of these combined create a scenario where small and mid-size businesses become easy prey for hackers.
- 54% of businesses admit that their IT departments lack the experience to manage complex cyberattacks. (Sophos)
- 43% of all data breaches are caused by insiders, whether on purpose or not. (Check Point)
- 70% of data breaches in 2021 were motivated by money, while only a tiny fraction was done for espionage purposes. (Verizon)
- A staggering 42% of companies are experiencing cyber fatigue or a sense of apathy toward proactively defending against digital attacks. (Cisco)
The cost of cyber security assessment is just one of the many reasons why necessary steps are often ignored by small businesses. The security plans stay put in the pipeline for months while the companies try to mitigate the burgeoning risk with antiviruses and other inexpensive modes of cyber defense.
Cost of Cyberattack Statistics
- In 2021, the average cost of a data breach was an unprecedented $4.24 million. (IBM)
- In 2021, the average time it took to identify a data breach was 212 days. (IBM)
- In 2021, the average organization took 286 days to identify and contain a breach. (IBM)
- An 18-month-old data breach was found by Neiman Marcus in September 2021, resulting in the exposure of 4.6 million shoppers’ payment information and other data. (Neiman Marcus)
- In 2021, personal data was stolen in 45% of all breaches. (Verizon)
- Companies that suffer data breaches see a sharp decrease in repeat customers, with 55% of people in the U.S. saying they would take their business elsewhere.
- A recent report unveiled that it took 50% of small businesses more than 24 hours to recover from an attack.
- When asked, over 51% of all small businesses said that their website had been inaccessible for 8 to 24 hours.
- In 2020, small businesses faced over 700,000 attacks which caused a total of $2.8 billion in damages.
- 40% of small businesses worldwide have reported losing essential data due to an attack.
- If your small business falls victim to ransomware, there’s a 51% chance you’ll pay the fee.
- If nearly three-quarters or 75% of small businesses were to experience a ransomware attack, bankruptcy would soon follow for the majority of them.
- A staggeringly low 17% of small businesses have cyber insurance.
- 48% of all companies waited until they experienced an attack before buying insurance.
- 64% of small businesses are unfamiliar with cyber insurance.
Small Business Cyber Attack Statistics 2023- Phishing and Ransomware
Many cyber attackers prefer SMBs to large enterprises nowadays knowing fully well that their preparedness for attacks like phishing and ransomware is far less than the latter. Here are some statistics that show how SMBs are affected by phishing attacks and ransomware:
- Only 14% of SMBs have a cyber security plan in place.
- Small businesses account for 43% of cyber attacks annually.
- An average of $25,000 is lost by SMBs.
- Besides phishing, other common cyber attacks on SMBs include credential theft and making use of stolen devices.
- According to Cybereason, SMBs are most vulnerable to supply chain attacks.
- The average ransom for small businesses is only $5900.
- 55% of ransomware hit businesses with fewer than 100 employees, while another 75% of attacks targeted companies making less than $50 million in revenue.
- 82% of ransomware attacks were targeted at companies with less than 1000 employees.
Small Business Preparedness Statistics
- 47% of businesses that have less than 50 employees don’t allocate any funds towards cybersecurity.
- 51% of small businesses don’t utilize any cybersecurity measures.
- 36% of small businesses have no concern whatsoever about cyberattacks.
- 59% of small business owners who have no cybersecurity believe that their company is too minuscule to be targeted.
- An alarming minority or 17% of small businesses encrypt data.
- Approximately 20% of small businesses have implemented multi-factor authentication in order to further increase security.
- In 80% of all hacking cases, compromised credentials or passwords are to blame.
- One-third of small businesses depend on free cybersecurity solutions meant for individual consumers rather than enterprises.
- The rising fear of new threats has led 76% of small businesses to increase their cybersecurity spending.
- An overwhelming majority or 87% of small businesses have customer data that could be taken or damaged in an assault.
Response and Defense Statistics
- 34. 42% of small businesses have updated their cybersecurity protocol in response to the COVID-19 pandemic.
- 35. Half of the small businesses dedicate less than $1,500 per month to cybersecurity.
- 36. In 2021, 22% of small businesses allocated more money towards cybersecurity protection.
- 37. On average, small and medium-sized businesses (SMBs) allocate 5% — 20% of their total IT budget towards security.
- 38. In the event of a data breach, 29% of businesses immediately hired professional cybersecurity help or increased their in-house IT staff.
- 39. businesses are most frequently adopting antivirus software (58%), firewalls (49%), VPNs (44%), and password management tools
- 46% of all digital breaches target small Businesses with 1,000 or fewer employees.
Verizon’s Data Breach Investigations Report for 2021 showed that small businesses have been increasingly targeted by cybercriminals in recent years. In fact, Symantec found that 43% of all attacks in 2015 impacted businesses with 250 or fewer employees; just 34% did so the year before.
Cybercriminals see smaller businesses as more lucrative targets than large enterprises for a number of reasons: they’re easier to access and have fewer security protections, and attacking many small or midsize businesses at once presents the opportunity to receive significant financial gain without much media or law enforcement attention.
Small businesses are the most likely to receive malicious emails targeting them at a rate of one in 323
Small businesses with under 250 employees tend to be more susceptible to email threats like phishing, spam, and malware. In fact, one in every 323 emails sent to these businesses is malicious. That may not sound like a lot, but when you consider the average person working in an office receives 121 emails per day, it’s a pretty high number.
Social engineering attacks are 350% more common for employees of small businesses than at larger enterprises
Small businesses are easy prey for social engineering attacks, such as phishing, baiting, quid pro quo, pretexting, and tailgating exploitation of human interaction. Due to their size, small businesses are 350% more likely to receive threats than large companies. Some popular target examples include CEOs and CFOs because of their authority within the company but executive assistants that have access to accounts belonging to high-level company members are also targeted frequently.
The risk of a security breach isn’t necessarily proportionate to the size of a company. In fact, small businesses are often easier to target owing to their smaller security budgets and inability to prioritize security over other aspects of a business. Small business owners may embrace a different approach towards cyber security once they understand the real return on investment when it comes to finding and fixing security vulnerabilities.
This is where Astra’s Pentest Suite comes in. With Astra, you can get a clear ROI for every vulnerability detected by the scanner. Since the vulnerabilities are vetted for authenticity by experts, there is little to zero chance for you to waste resources on false positives. Remediation is super efficient with video PoCs and contextual collaboration offered by Astra Security. Talk to us to learn more.