General Small Business Cyber Security Statistics
- 43 percent of cyber attacks target small business.
- Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
- 60 percent of small companies go out of business within six months of a cyber attack.
- 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
- Small businesses are most concerned about the security of customer data:
Small Business Cyber Security Attack Statistics
The numbers show that small businesses are not only at risk of attack, but have already been attacked:
- 55 percent of respondents say their companies have experienced a cyber attack in the past 12 months(May 2015 -May 2016), and
- 50 percent report they had data breaches involving customer and employee information in the past 12 months (May 2015 -May 2016).
- In the aftermath of these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets.
- In addition, disruption to normal operations cost an average of $955,429.
- The types of cyber attacks broke out as following:
- The root causes of data breaches broke out as following:
Small Business Cyber Security Prevention Statistics
- While many small businesses are concerned about cyber attacks (58 percent), more than half (51 percent) are not allocating any budget at all to risk mitigation.
- Dangerous disconnect: one of the more popular responses as to small businesses they don’t allocate budget to risk mitigation was that they, feel they don’t store any valuable data. Yet a good number reported that they in fact DO store pieces of customer information that are of significant value to cyber criminals:
- 68 percent store email addresses;
- 64 percent store phone numbers; and
- 54 percent store billing addresses.
- Small businesses reported that only:
- 38 percent regularly upgrade software solutions;
- 31 percent monitor business credit reports; and
- 22 percent encrypt databases.
- If a company has a password policy, 65 percent of respondents say they do not strictly enforce it.
- 16 percent of respondents admitted that they had only reviewed their cybersecurity posture after they were hit by an attack.
- 75 percent of small businesses have no cyber risk insurance.
Bottom Line
As cyber criminals continue to target small businesses, owners and employees need to know how to protect both their customers and themselves.