23 Small Business Cybersecurity Statistics – 2022

When it comes to headline-making cybersecurity incidents, it’s usually large companies that get the most press. However, small businesses are even more frequently targeted by attacks, with 43% of all data breaches targeting small businesses.

Read on for 23 small business cybersecurity statistics to keep in mind.

1. Small Businesses Are the Target of 43% of All Data Breaches

As mentioned above, many people assume that large corporations would be a primary target for cyberattacks. However, enterprises typically have solid cybersecurity protections in place, making them harder to infiltrate.

Comparatively, gaining entry into small business systems is often a breeze. As a result, they’re the number one target for cybercriminals, representing 43% of all data breaches in 2019.

[Source: CNBC]

2. 61% of SMBs Experienced a Cyberattack During the Last Year

Among small to medium-sized businesses (SMBs), a full 61% experienced a cyberattack during the past year. While not all attacks were successful or damaging, it shows how prolific the issue is in the small business landscape.

[Source: Verizon]

3. Data Breaches Cost SMBs an Average of Nearly $3 Million Per Incident

Generally, any business with fewer than 500 employees qualifies as an SMB. Among companies of that size, the average cost of a data breach is close to $3 million per incident.

[Source: IBM]

4. 60% of Small Businesses Go Out of Business Within 6 Months After a Cyberattack

Cyberattacks aren’t just inconvenient for small businesses; they’re costly, catastrophic events that can completely derail the company. Overall, within six months of an attack, 60% of small businesses that fell victim to attackers shutter their doors for good.

[Source: Business Australia]

5. 25% of Small Business Owners That Experienced an Attack Lost Business

Among small businesses that fell victim to cybercriminals, 25% lost business because of the attack. This can be due to downtime leading to a missed opportunity, customers becoming wary about using a company they view as less secure, or any other reason.

[Source: BullGuard]

6. Malware Is the Most Common Threat, Comprising 18% of Attacks on SMBs

When it comes to cybersecurity threats, small businesses deal with malware most often. Overall, 18% of small businesses that experienced an attack have been victims of malware.

In second place is phishing, with 17% of small businesses that experienced hacks being targeted using this vector. Data breaches came in third with 16%, while DDoS occurred for 12%, and 10% were targeted with malware.

[Source: Tech Republic]

7. 51% of Small Business Owners Pay the Money When Hit with Ransomware

Among small businesses that were targeted and infected by ransomware, 51% chose to pay the ransom. Twenty-four percent even covered the cost out of pocket. The other 27% used cyber insurance to handle the expense.

[Source: CNBC]

8. 88% of Small Business Owners Feel They’re Vulnerable to an Attack

Overall, the vast majority of small business owners know that they are potential targets. However, paying for professional IT services is out of reach for many. Additionally, most owners don’t know where to start when it comes to shoring up their cybersecurity or feel they don’t have the time to figure it out.

Since not all small business owners can or will take precautions to keep their systems secure, it’s not a surprise that the vast majority think they’re at risk. Overall, 88% of small business owners feel they’re vulnerable to an attack.

[Source: Small Business Administration]

9. 47% of Small Businesses with Fewer Than 50 Employees Have No Cybersecurity Budget

A startling 47% of businesses with 50 or fewer employees, have no cybersecurity budget whatsover. Of those that do, only a small number have a dedicated cybersecurity budget, separate from IT spending. All told, only 8% of small businesses have a formal, dedicated budget to ward off cyberattacks.

[Source: Corvus Insurance]

10. 56% of Small Business Owners Aren’t Worried About Being Hacked in the Next 12 Months

While small business owners may realize that their vulnerable to a cybersecurity attack, that doesn’t mean they assume one is on the horizon. A full 56% of small business owners aren’t concerned about being hacked over the next 12 months. In fact, 24% weren’t worried at all.

[Source: CNBC]

11. Nearly 60% of Small Business Owners Are Confident They Can Resolve a Cybersecurity Attack

While many small business owners don’t have formal cybersecurity budgets and aren’t able to take every precaution, the vast majority seem to assume that isn’t an issue. Fifty-nine percent are confident that they can quickly resolve a cybersecurity attack should one occur.

[Source: CNBC]

12. 42% of Small Business Owners Have No Cyberattack Response Plan

Among small business owners, 42% don’t have any plan in place to respond to a cyberattack. Another 11% aren’t sure whether there’s a plan in place, indicating they could experience issues should an attack occur.

[Source: CNBC]

13. 40% of Attacked Small Businesses Lost Critical Data

Among small businesses that fell victim to a cyberattack, 40% lost critical data during the event.

[Source: BullGuard]

14. Just 26% of Small Business Owners Have Cyberattack Insurance

Cyberattack insurance is a classic form of protection against an attack, decreasing the financial hardship hackers can cause. However, just 26% of small business owners invest in this protection.

[Source: CNBC]

15. 22% of Small Business Owners Increased Their Cybersecurity Spending This Year

Year over year, 22% of small business owners increase their cybersecurity budgets to protect themselves against threats. Another 67% kept their spending levels the same. Overall, the remaining 11% either weren’t sure if their spending had changed or reduced the amount they dedicated to cybersecurity.

[Source: CNBC]

16. 76% of Small Business Owners Think Disclosing a Hack Should Be Required

Generally, small business owners feel that customers have a right to know if a company they use was hacked. In fact, 76% of small business owners think such disclosures should be mandatory.

[Source: CNBC]

17. 43% of Cyberattacks Target Small Businesses

Small businesses are targeted by cybercriminals far more than most would expect. Overall, 43% of cyberattacks aim at small businesses.

[Source: Accenture]

18. 40% of Small Businesses That Fell Victim to a Cyberattack Experienced 8+ Hours of Downtime

The impacts of a cyberattack are often multifold. However, when it comes to downtime specifically, 40% of small businesses that were targeted by an attack were down for at least eight hours.

[Source: CISCO]

19. 50% of Small Business That Were Successfully Attacked Took 24+ Hours to Recover

Recovering from an incident and being able to resume business as normal isn’t usually a fast process following an attack. Overall, half of all small business owners said it took at least 24 hours to resume operations.

[Source: BullGuard]

20. 52% of SMBs Don’t Have Dedicated Cybersecurity IT Employees

Among SMBs, 52% spread cybersecurity responsibilities across roles instead of having dedicated cybersecurity team members on staff. Those responsibilities may shift to other tech professionals, some of which may have limited knowledge of cybersecurity beyond their niche, while others may tap other employees outside of IT.

[Source: Untangle]

21. Just 22% of Small Businesses Encrypt Their Data

Often, encryption is considered a basic protection against an attack, ensuring that even if a system is breached, the data isn’t easily readable. However, just 22% of small businesses actually encrypt their databases.

[Source: Verizon]

22. One-in-Five Small Businesses Use No Endpoint Security

Endpoint security is critical for ensuring desktops, laptops, smartphones, and similar devices are protected on a basic level. However, a startling one-in-five small businesses don’t use endpoint security of any kind.

[Source: BullGuard]

23. One-Third of Small Businesses Rely on Free, Consumer-Oriented Cybersecurity Solutions

While businesses benefit from more robust security mechanisms, not all small businesses go with paid-for, business-grade services. Instead, one-third rely on free, consumer-grade antivirus, antimalware, and similar products.

[Source: BullGuard]

Leave a Comment