Cybersecurity Stats

10 Small Business Cybersecurity Stats Every Business Owner Should Know

Like most organizations, small businesses have to handle customer data to run their operation. Unfortunately, small business owners don’t always have the resources to secure that data in the same ways larger businesses do – making them an easy target for cybercriminals.

Even an amateur cybercriminal knows they will likely find a naïve user they can trick with a phishing email — or an employee with a default or obvious password — in a small business where security training is often neglected. While many small business owners like to think they will not be targets, unfortunately, that “not much to steal” mentality is simply not true. Don’t believe us? Here are ten small business cybersecurity statistics you need to know.

1. 43% of Cyber Attacks Target Small Businesses

As larger businesses dedicate more resources to protecting their customers’ data against cyber-attacks, cybercriminals turn their attention to smaller businesses.

2. 60% of Small Businesses That Are Victims of a Cyber Attack Go Out of Business Within Six Months

It costs a lot of money to bounce back after falling victim to a data breach. And, unfortunately, most small businesses aren’t able to come up with the funds to do so. According to the US National Cyber Security Alliance, 60% of small businesses that fall victim to a cyber attack go out of business within half a year.

3. In 2020, There was a 424% Increase in New Small Business Cyber Breaches

The pandemic forced many businesses to quickly embrace a remote working environment without being fully prepared to do so, opening the floodgates to remote-working-related breaches.  These breaches were most frequently due to phishing attempts, malware, ransomware, and fraudulent payment requests.

4. 95% of Cybersecurity Incidents are caused by Human Error

You may think hackers and scammers are trying to crack codes and break algorithms. The truth of the matter is most data breaches are a result of errors made by employees. Hackers know that attacking a business’s IT infrastructure would take time and opt for a more straightforward method using social engineering. Social engineering is the use of techniques that manipulate people to get information. For example, weak passwords, clicking on links in unsolicited emails, and public Wi-Fi increase a business’s vulnerability.

5. 63% of Confirmed Data Breaches Leverage a Weak, Default, or Stolen Password

Most data breaches are the result of improper password security. Enforcing robust password protocols and mandating two-factor authentication can help minimize your risk.

6. Ransomware is The Most Common Threat to Small Businesses

Ransomware involves encrypting company data so that it cannot be used or accessed and then forcing the company to pay a ransom to unlock the data. Cybercriminals target small businesses with this type of attack because they know smaller businesses are more likely to pay a ransom, as their data is often not backed up.

7. Malware is the Second Biggest Threat to Small Businesses

Malware is a term for malicious code that hackers create to gain access to your business network, steal data, or destroy data on your devices. Malware usually gets installed on your device from malicious website downloads, malicious emails, or from connecting to other infected machines or devices. The software gives hackers a back door to access company data. As a result, employers who allow employees to use their own devices for work are at an increased risk of malware attacks. These attacks are particularly damaging for small businesses because they can cripple devices, which require expensive repairs or replacements.

8. Phishing is the Most Common Way for Hackers to Infiltrate a Network

Phishing attacks occur when an attacker impersonates a trusted contact and uses social engineering tactics to get their email recipient to click a malicious link, download a malicious file, or give them access to sensitive information, account details, or credentials. A solid email security gateway, like GTS Phishguard, can prevent phishing emails from reaching your employees’ inboxes. Scheduling regular security awareness training and phishing tests can also help your employees spot phishing attacks and report them.

9. 54% of Small Businesses Think They’re Too Small for a Cyberattack

Most small businesses don’t think they’re big enough to be a target for hackers and cybercriminals. But, as you can see by these statistics we’ve highlighted, “too small” isn’t a consideration for cybercriminals.

10. 54% of Small Businesses Don’t Have a Back Up Plan in Place for Reacting to Cyber Attacks

It’s not surprising that if 54% of small businesses think they’re too small for hackers to target, over half also don’t have a plan in place for when an attack happens. A convenient data backup solution ensures that your company and team are protected no matter what happens.

The best way to protect yourself from becoming one of these statistics is by creating a small business cybersecurity plan. At GTS, we offer a variety of security solutions and are happy to help identify places where your defenses could be stronger. So give us a call at (904) 606-6011 or email to learn how we can help protect your small business today.


Paul May