Cyber Security Statistics: Numbers Small Businesses Need to Know

CYBER SECURITY STATISTICS - Numbers Small Businesses Need to Know

We’ve collected these cyber security statistics for small businesses from a variety of sources.

General Small Business Cyber Security Statistics

  • 43 percent of cyber attacks target small business.
  • Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
  • 60 percent of small companies go out of business within six months of a cyber attack.
  • 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
  • Small businesses are most concerned about the security of customer data:

CYBER SECURITY STATISTICS - Numbers Small Businesses Need to Know

Small Business Cyber Security Attack Statistics

The numbers show that small businesses are not only at risk of attack, but have already been attacked:

  • 55 percent of respondents say their companies have experienced a cyber attack in the past 12 months(May 2015 -May 2016), and
  • 50 percent report they had data breaches involving customer and employee information in the past 12 months (May 2015 -May 2016).

CYBER SECURITY STATISTICS - Numbers Small Businesses Need to Know

  • In the aftermath of these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets.
  • In addition, disruption to normal operations cost an average of $955,429.
  • The types of cyberattacks broke out as following:

CYBER SECURITY STATISTICS - Numbers Small Businesses Need to Know

  • The root causes of data breaches broke out as following:

CYBER SECURITY STATISTICS - Numbers Small Businesses Need to Know

Small Business Cyber Security Prevention Statistics

  • While many small businesses are concerned about cyber attacks (58 percent), more than half (51 percent) are not allocating any budget at all to risk mitigation.
  • Dangerous disconnect: one of the more popular responses as to small businesses they don’t allocate budget to risk mitigation was that they, “feel they don’t store any valuable data.” Yet a good number reported that they in fact DO store pieces of customer information that are of significant value to cyber criminals:
    • 68 percent store email addresses;
    • 64 percent store phone numbers; and
    • 54 percent store billing addresses.
  • Small businesses reported that only:
    • 38 percent regularly upgrade software solutions;
    • 31 percent monitor business credit reports; and
    • 22 percent encrypt databases.
  • If a company has a password policy, 65 percent of respondents say they do not strictly enforce it.
  • 16 percent of respondents admitted that they had only reviewed their cybersecurity posture after they were hit by an attack.
  • 75 percent of small businesses have no cyber risk insurance.

Bottom Line

As cyber criminals continue to target small businesses, owners and employees need to know how to protect both their customers and themselves. Here are some useful links for doing just that:

Cyber SEcurity Photo via Shutterstock

More in: , 23 Comments ▼

Matt Mansfield Matt Mansfield is the Tech Editor and SEO Manager at Small Business Trends where he is responsible for directing and writing many of the site’s product reviews, technology how-to’s, and lists of small business resources as well as increasing the reach of our content.

23 Reactions
  1. As the Internet becomes more advanced, the methods to infiltrate are also getting more advanced as well. This calls for a tighter form of cyber security.

  2. I agree that customer records is the most important – these are your records of your sales. But then, there are also patents and trademarks.

  3. Scary on how these can affect your business. It only takes one hacker to get all of your information especially with the cloud.

  4. As the owner of an insurance agency that specializes in Cyber Liability Insurance, I cannot tell you how IMPORTANT this kind of specialized insurance coverage is. Not only does it provide coverage for cyber attacks and data breaches, these policies typically cover lost or stolen data or equipment as well as the unfortunate act of an willingly or unwillingly releasing sensitive company, client or patient-related information. For the cost of the insurance, you just can’t beat the coverage…for now at least. As more and more incidents occur and more actuarial data is a acquired, there’s concern about product availability and increased cost.
    Call an agent or broker in your area that specializes in cyber liability for a business review and quote. Don’t wait…as was mentioned above, 60% of small businesses don’t recover from a breach!

  5. That’s insightful information. It’s heartening to see how well prepared we are now.