You may have heard the oft-quoted small business cyber\nsecurity statistic that\u2019s something akin to \u201c60% of small companies that suffer\na cyber attack are out of business within six months.\u201d Heck, like many major\nmedia outlets, we\u2019ve even quoted this stat ourselves in the past. However, it\nturns out that the organization that\u2019s often attributed for this small business\ncyber security statistic, the National Cyber Security Alliance (NCSA), actually\nrecommends not<\/em> citing this statistic for the following\nreason<\/a>:<\/p>\n\n\n\n \u201cThis statistic was not generated from NCSA research, and we cannot verify its original source. NCSA has not actively referenced this statistic for several years, but we discovered that it was included in an outdated infographic on our website. We have removed all of these references and do not recommend its ongoing usage. Members of the media, policy makers, small businesses and others are encouraged to rely upon more current and clearly sourced data.\u201d<\/em> <\/p>\n<\/blockquote>\n\n\n\n Well, that\u2019s a bummer, right? <\/p>\n\n\n\n While we here at Hashed Out may not be the internet\u2019s top resource for cyber security related information \u2013 though we strive to be and have more than two million readers \u2013 we still want to do the best job we can at providing you with the best and most useful information possible. This includes topics such as small business cyber security statistics<\/a>. <\/p>\n\n\n\n With this in mind, we\u2019ve updated our list of some of the small business cyber security statistics you SHOULD know in one convenient resource. We\u2019ll also discuss why SMBs make such attractive targets and what you can do to protect your business. <\/p>\n\n\n\n Let\u2019s hash it out.<\/span><\/p>\n\n\n\n The ongoing COVID-19 global pandemic is changing things for small businesses and organizations around the world. An August 2020 report from INTERPOL<\/a> indicates that small businesses may not (currently) be the top target of cybercriminals:<\/p>\n\n\n\n “To maximise damage and financial gain, cybercriminals are shifting their targets from individuals and small businesses to major corporations, governments and critical infrastructure, which play a crucial role in responding to the outbreak. Concurrently, due to the sudden, and necessary, global shift to teleworking, organizations have had to rapidly deploy remote systems, networks and applications. As a result, criminals are taking advantage of the increased security vulnerabilities arising from remote working to steal data, generate profits and cause disruption.\u201d<\/em><\/p>\n<\/blockquote>\n\n\n\n But just because larger organizations are their primary targets doesn\u2019t mean that SMBs should let their guards down, either. Many types of cyber attacks and other dangers still pose a risk to small and mid-size businesses, too.<\/p>\n\n\n<\/span><\/span>\n\n\n\n Well, that answer depends. One of the things that makes reporting small business cyber security statistics a bit challenging is that different reports identify small businesses differently. For example, according to some of the reports we cite in this article:<\/p>\n\n\n\n With this in mind, let\u2019s kick off our list of small business cyber security statistics.<\/p>\n\n\n\n 1. $2.98 Million: The Average Cost of a Data Breach for SMBs With <500 Employees<\/strong><\/p>\n\n\n The costs associated with data breaches vary greatly depending on the size of the organization and scope of the attack. Research from IBM and the Ponemon Institute\u2019s 2021 Cost of a Data Breach Report<\/a> shows that small organizations (those with fewer than 500 employees) spend an average of nearly $3 million per incident. Compare this to the $2.63 million price tag for organizations with 500-1000 employees and the $5.25 million average per-incident cost for organizations with 10,001-25,000 employees.<\/p>\n\n\n\n 2. 43% of SMBs Lack Any Type of Cybersecurity Defense Plans<\/strong><\/p>\n\n\n\n What if we were to tell you that more than two in five companies that have 50 or fewer employees in the U.S. and United Kingdom don\u2019t have any type of cybersecurity defense plan in place? Yes, that\u2019s right. A January 2020 research study<\/a> by BullGuard showcases a disturbing number of businesses are choosing to be reckless. They\u2019re essentially rolling the dice in terms of securing their data (and that of their customers) from small business cyber attacks.<\/p>\n\n\n\n 3. One in Five SMBs Don\u2019t Use Any Endpoint Security Protections<\/strong><\/p>\n\n\n\n BullGuard\u2019s survey of 3,083 SMBs also shows that 23% of small businesses in both the U.K. and U.S. neglect to use endpoint security mechanisms. Additionally, 32% of those surveyed who do use endpoint security protections say they rely solely on free, consumer-grade cybersecurity solutions. Yeah, take a moment to wrap your head around that one!<\/p>\n\n\n 4. Only 47% of SMBs Find Breaches Within Days<\/strong><\/p>\n\n\n\n Speed is of the essence when it comes to discovering data breaches. Verizon\u2019s 2021 Data Breach Investigations Report (DBIR)<\/a> shows that while small organizations were doing better than their large organization counterparts last year, those big boys are finding breaches \u201cwithin days or faster\u201d in 55% of the cases. Compare this to the 47% of small ones.<\/p>\n\n\n\n 5. AWS Has 72% of Market Share for SMBs That Use Public Cloud<\/strong><\/p>\n\n\n\n Amazon Web Services (AWS) is the leading public cloud service provider for small businesses, according to Flexera\u2019s 2021 State of the Cloud Report<\/a>. Azure comes in second with 48% and Google follows with 39%.<\/p>\n\n\n\n As cloud becomes more widely adopted, it\u2019s essential that businesses take the necessary steps to ensure they\u2019re as secure as possible. For more information relating to cloud security statistics<\/a>, be sure to check out our article on that topic.<\/p>\n\n\n\n 6. 78% of SMBs View Security as Their Top Cloud Security Challenge<\/strong><\/p>\n\n\n\n Nearly four in five of the SMB technical professional who responded to Flexera\u2019s survey indicate that security is their biggest cloud hurdle. This is followed by concerns relating to better managing cloud spend (76%) and lacking the necessary resources and expertise (72%). <\/p>\n\n\n\n Check out the table below to see how these cloud challenges stack up against Enterprises (as well as a breakdown of other cloud challenges):<\/p>\n\n\n 7. 93% of Small Business Data Breaches Are Financially Motivated<\/strong><\/p>\n\n\n\n When it comes to money, to paraphrase a line from a popular country song, cybercriminals \u201clike it, love it, and want some more of it.\u201d Verizon\u2019s 2021 DBIR report shows that the data breaches they analyzed were overwhelmingly caused by threat actors who had financial motivations. Compare this to 3% of cases that involved espionage and the remaining 4% that include \u201cfun\u201d and \u201cconvenience\u201d as motives.<\/p>\n\n\n\n This differs from larger organizations (1,000 or more employees) that had 87% of breaches that were financially motivated.<\/p>\n\n\n\n 8. 84% of MSPs Say SMBs Should Be “Very Concerned” About Ransomware<\/strong><\/p>\n\n\n\n In their 2020 Global State of the Channel Ransomware Report<\/a>, Datto reported that four in five managed service providers (MSPs) identified ransomware (68%) as the biggest malware threat to SMBs. But there appears to be a significant difference in opinion regarding the threat of ransomware attacks:<\/p>\n\n\n\n Be sure to check out our other article that specifically focuses on ransomware statistics<\/a>.<\/p>\n\n\n\n 9. 63% of SMBs Report Experiencing a Data Breach in the Previous 12 Months<\/strong><\/p>\n\n\n\n Data from a 2019 study by Keeper Security and the Ponemon Institute<\/a> shows that the number of small and medium-sized businesses that experienced data breaches increased to 63% in FY 2019. In the two prior fiscal years, participants report 58% in FY 2018 and 54% in FY 2017, respectively.<\/p>\n\n\n\n 10. Small Organizations’ Privacy Budgets Reach an Average of $1.6 Million<\/strong><\/p>\n\n\n\n Cisco reports in its 2021 Data Privacy Benchmark Study<\/a> that the average privacy budget for smaller organizations (250-499 employees) doubles from $0.8 million to $1.6 million. Although they didn\u2019t have data available from last year, this year\u2019s average privacy budget for small businesses with 50-249 employees is $1.1 million.<\/p>\n\n\n\n 11. 46% of SMBs With <1K Employees Had 5-16 Hours of Breach-Related Downtime<\/strong><\/p>\n\n\n\n Cisco\u2019s 2020 CISO Benchmark Study data indicates that downtime from data breaches is an issue for all organizations with up to 10,000 employees. According to their data (as it was cited in Cisco\u2019s \u201cSecuring What\u2019s Now and What\u2019s Next\u201d report<\/a>), small and mid-size organizations with 250-449 employees reported the following:<\/p>\n\n\n\n For businesses with more employees \u2014 500-999 or 1,000-9,999 employees \u2014 their numbers showed greater variance:<\/p>\n\n\n 12. 47% of SMBs Report Keeping Data Secure as Biggest Challenge<\/strong><\/p>\n\n\n\n VIPRE\u2019s SMB Security Trends<\/a> survey results indicate that nearly half of the CISOs and IT pros surveyed find data security to be their biggest IT security challenge. The next biggest hurdles they identified include preventing data loss (42%) and increasing employee security awareness (41%).<\/p>\n\n\n\n 13. Credentials (44%) Represent the Most Compromised Type of Data in 2019<\/strong><\/p>\n\n\n\n Credential compromise continues to be an issue for SMBs and other businesses as well. Verizon\u2019s 2020 DBIR reports that more than half (52%) of small businesses reported issues of credential compromised in 2019. Their 2021 DBIR shows that while the number has decreased to 44%, it remains the most common type of compromised data followed by:<\/p>\n\n\n\n But just who does Verizon say is responsible for these attacks on small businesses?<\/p>\n\n\n\n 14. 57% of SMB Data Breaches Involve External Threat Actors<\/strong><\/p>\n\n\n\n By far, the overwhelming majority (57%) of the data breaches that targeted small businesses were perpetrated by external threat actors, according to Verizon\u2019s 2021 DBIR. However, it\u2019s worth mentioning that this is a noticeable decrease from the 74% they reported in their 2020 DBIR.<\/p>\n\n\n\n But how does this compare to insider threats? Verizon says that internal threat actors were responsible for 44% of the breaches they analyzed in their 2021 report. This is an increase from the 26% they reported the previous year\u2019s report.<\/p>\n\n\n\n 15. 22% of SMBs Switched to Remote Work Without a Cybersecurity Threat Prevention Plan<\/strong><\/p>\n\n\n The COVID-19 global pandemic forced the hands of businesses worldwide to allow their employees to work from home at unprecedented rates starting in 2020. But what does this mean for small business cybersecurity preparations? Research from Alliant Cybersecurity<\/a> shows that one-in-five small businesses jumped head-first into remote working without having a clear cybersecurity mitigation or prevention policy in place.<\/p>\n\n\n\n Now, consider that more than half (52%) of these SMBs indicate that they didn\u2019t regularly allow their employees to work remotely prior to the start of the pandemic. With this in mind, it\u2019s easy to imagine what kind of Pandora\u2019s box this opens in terms of cybersecurity vulnerabilities and risks. <\/p>\n\n\n\n Unfortunately, what makes matters worse is findings from the Keeper Security\/Ponemon Institute survey we mentioned earlier. Their data shows that 39% of their SMB survey respondents report that their organizations lack any incident response plans. So, this means that when (not if) crap hits the proverbial cooling system, they won\u2019t have a plan in place that helps them to respond to cyber-related events. <\/p>\n\n\n\n Small businesses are the drivers of the U.S. economy. The most recent data from the U.S. Small Business Administration (SBA) reports<\/a> that there are 32.5 million small businesses in the U.S. Furthermore, a significant part of the country\u2019s workforce includes 61.2 million small business employees. <\/p>\n\n\n\n Historically, there\u2019s been this common notion that small businesses are at greater risk to cybercrimes because they lack the resources \u2014 funds, personnel, time, etc. \u2014 to properly monitor and mitigate cyber threats. However, Verizon\u2019s 2021 DBIR findings indicate that the gap between the number of breaches that SMBs and larger organizations experience is narrowing, and the top breach patterns targeting both groups were largely identical:<\/p>\n\n\n\n However, where they still differ is in their detection capabilities. Large organizations are doing better in terms of detecting breaches faster than their smaller counterparts.<\/p>\n\n\n\n Unfortunately for consumers, some business owners and executives still convince themselves that their businesses are too small to be of interest to hackers. Some businesses take a head-in-the-sand approach to cyber security even though they say they experienced cyber attacks and data breaches in the past! This means that they may not put the time, money, training, and other resources in place to protect their businesses (and their customers as a result).<\/p>\n\n\n\n At the SSL Store, we\u2019re a small company with about 80 employees. We specialize in secure sockets layer\/transport layer security (SSL\/TLS) to create encrypted connections. As such, we\u2019re happy to help you configure your servers for maximum protection and to get that lauded \u201cHTTPS\u201d in your web address. However, that\u2019s only one piece of the puzzle \u2014 SSL only secures certain attack vectors. As such, you\u2019ll need to invest in additional security measures to increase the digital security of your small or medium-sized business. <\/p>\n\n\n\n Some such methods that should be used to create\nmulti-layered protection include:<\/p>\n\n\n\n\n
The Top Small Business Cyber Security Statistics to Know in 2021<\/h2>\n\n\n\n
\n
What Qualifies as an SMB?<\/h3>\n\n\n\n
\n
![\"Small](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/small-business-cyber-security-statistics-data-breach.png\")
<\/figure>\n<\/div>\n\n\n![\"A](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/06\/Negligence-300x155.png\")
<\/figure>\n<\/div>\n\n\n![\"Small](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2021\/11\/SMB-top-cloud-challenges.png\")
\n
\n
![\"A](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2020\/08\/cisco-small-business-cyber-security-statistics.png\")
\n
![\"\"](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/06\/Recovery-Plan-2-300x300.png\")
<\/figure>\n<\/div>\n\n\nWhy SMBs Are Thought to Be More Vulnerable to Cyber Attacks & Data Breaches<\/h2>\n\n\n
![\"\"](\"https:\/\/www.thesslstore.com\/blog\/wp-content\/uploads\/2019\/06\/SMBs-300x300.png\")
<\/figure>\n<\/div>\n\n\n\n
How You Can Protect Your Small Business from SMB Cyber Security Attacks<\/h2>\n\n\n\n
\n