Starting and running a small business comes with many costs, many of which are just part of the process. That said, there are some costs businesses can (and should) strive to avoid. The biggest of these are the costs that accompany a failure in small business cybersecurity.

Cybercrimes can cost small businesses tens or even hundreds of thousands of dollars to put right. From paying a data ransom to lost customers and sales, it all adds up to big bucks that any small business will want to avoid.

The best way to thwart a cyberattack is to invest in cybersecurity for small businesses. Keep reading to discover some informative small business cybersecurity statistics.

What is cybersecurity?

Cybersecurity is the act of protecting yourself against bad actors who may target you for your data. Cybersecurity for small business can include anything from the password you use to access your email to the two-factor authentication you need to go through to access your ecommerce portal from a new device. Ultimately, you’re protecting your business’ digital data from those who want to do harm to it (and you). 

How a business practices cybersecurity will depend on the scope of its operations. At a basic level, it might mean changing your passwords every three months or using a password keeper that randomizes your login information. At higher levels, it might mean using a two-factor Secure Sign-On (SSO) solution for your integrated business services. At any level, cybersecurity for small business hinges on being smart about how you access and use data.

What is a cyberattack?

A cyberattack occurs when bad actors get past your cybersecurity defenses or find vulnerabilities where you lack cybersecurity. Cyberattacks on small businesses are particularly prevalent because many times, smaller organizations don’t have the money or resources that big businesses do to safeguard their digital infrastructure. Small business and cybersecurity is a growing issue because hackers and other bad actors have begun to specifically target small businesses who may not be as well equipped to thwart their attacks. 

Like cybersecurity, cyberattacks can take many forms. Phishing is the most common tactic: sending a fake email that, when clicked, gives hackers access to your data. Other strategies include gaining administrator access through vulnerabilities and abusing admin privileges. There are numerous other sophisticated techniques. The key to thwarting them all is to protect your business’ data systems in as many ways as possible. 

13 small business cybersecurity statistics

Cybersecurity can prevent successful cyberattacks from happening—as well as the costs that accompany them. But it requires serious consideration from small businesses that results in proactive measures. 

How much do companies spend on cybersecurity? How often does cybercrime happen? What types of threats are small businesses up against? Here’s a look at 13 cybersecurity statistics that illustrate the importance of safeguarding your small business’ digital data. 

1. How much do cybersecurity incidents cost small businesses annually? 

On average, small-to-medium-sized businesses that suffer a cyberattack could find themselves paying upwards of $2.2 million to set things right1. If you’re a $10 million business, that’s roughly 20% of your annual revenues! Keep in mind that this is the average—some businesses could find themselves losing significant revenues in a single attack. Simply put: it’s a cost most businesses can’t afford, especially since it can be prevented with the right approach to cybersecurity. 

2. What percentage of small businesses put cash aside to combat data breaches? 

Far too many small businesses (83%) haven’t budgeted for the expense of a cyberattack1. Worse still, of the estimated 17% of businesses that have set funds aside for remediation, few of them set aside enough funds to resolve the problem. While it’s impossible to budget for the cost of a cyberattack, it’s clear that businesses need to spend money to prevent them from happening or face the cost of fixing them when they do.

3. What percentage of small businesses go out of business after a cyberattack?

Alarmingly, as many as 60% of small companies that suffer a major data breach find themselves out of business within six months2. Faced with huge revenue losses and mounting liabilities from the consumer side, a majority of businesses need to pack up and call it quits when faced with a devastating data breach. All it takes is one successful hack and one ransom situation to completely derail a small business. And, even if the financial hardship doesn’t deplete your company, the fallout due to lost consumer trust can cause revenues to dry up quickly. 

4. How much should companies spend on cybersecurity annually? 

Based on the budgets of more established companies, small businesses should expect to spend (on average) roughly 2% of their annual budget on cybersecurity3. While this isn’t a hard-and-fast rule, it shows how small the investment in good cybersecurity can be when done right. Focus on implementing common-sense systems and procedures to safeguard your data—many of which are free. 

5. What percentage of small businesses encrypt their data? 

Encryption is the first line of defense against data theft and malicious use of data. Unfortunately, less than half of small businesses (44%) encrypt their data or have an understanding of how to4. Many companies rely on the platforms they use to encrypt data for them, instead of implementing systems to do so at the company level. Even in the event of a successful data breach, encryption can quickly limit damage. 

6. What percentage of cyberattacks target small businesses? 

According to recent data, as much as 43% of all cyberattacks have small businesses as the target5. This is largely due to the vulnerabilities that exist within small business digital architectures. Small businesses don’t have the resources of major companies to build safeguards against hackers. Moreover, they’re not as quick to resolve vulnerabilities. In the event of a hack, most small businesses will simply pay a ransom for their data, which makes them easy targets for bad actors. 

7. What type of small business are the most vulnerable to cyberattacks? 

According to collected data on cyberattacks, healthcare, government agency-affiliated, finance, and education-focused small businesses are more likely to be targeted for cybercrimes5. Why? The sensitive nature of the data associated with these sectors commands a higher ransom by hackers that can do serious damage with it. 

8. What percentage of small businesses receive malware through email? 

Phishing emails are far and away the most common attempt by bad actors to attack businesses. It’s estimated that as many as 94% of all small businesses receive malware-laden emails1. Some phishing attacks are more sophisticated than others; however, every small business should train employees to recognize and avoid malicious emails. 

9. What’s the most common reason for a successful cyberattack? 

While it’s easy to think of complex hacking and strategic espionage as the reasons behind successful hacking attempts, the answer is far simpler. As many as 95% of cybersecurity breaches are primarily caused by human error6. Failing to change your password, leaving sensitive documents unguarded and even clicking on spam emails are all gateways to a successful cyberattack. 

10. How long can a successful cyberattack keep a small business down? 

While the extent and severity of a cyberattack can vary depending on the situation, it’s estimated that as many as 40% of small businesses experience eight or more hours of downtime following a data breach1. This is time spent understanding the scope of the attack, closing up the vulnerability, and dealing with data ransom—it doesn’t account for the time spent remediating the situation with customers. 

11. What percentage of small businesses have cyber liability insurance? 

Like any other aspect of operation, there’s insurance out there designed to protect your small business from liability in the event of a cyberattack. Unfortunately, roughly 60% of small businesses don’t have a cybersecurity policy7. This leaves them open and vulnerable to a successful cyberattack and the fallout that follows. A cyber liability policy is a nominal expense for most small businesses and could save you astronomical costs in the event of a data breach. 

12. How many small businesses think they’re at-risk for a cyberattack? 

Only a small fraction of small business owners (16%) have considered the possibility that they’re at risk for a cyberattack8. Most believe they’re not big enough to warrant attention from hackers or that there aren’t exploitable vulnerabilities within their systems. As a result, most small business owners are caught completely off guard in the event of a cyberattack.

13. How many small businesses know how to protect themselves from hackers? 

Almost half of small business owners (47%) say that they have no understanding of how to protect themselves against cyberattacks1. They’re not aware of things like encryption or two-factor authentication. Most don’t even have network monitoring solutions set up to alert them to a data breach. 

6 tips to prevent cyberattacks on small businesses

How can you protect your small business’ data from malicious hackers who want to ransom it? Here are some great tips that you can implement today to embrace a cybersecurity-first mindset and safeguard your data: 

  1. Recognize and embrace cybersecurity best practices in everything you do
  2. Create an action plan for how to handle a potential data breach or data loss
  3. Make frequent backups of critical business data and encrypt it to protect it
  4. Audit your current cybersecurity, including passwords and user access
  5. Contract an IT company to implement safeguards for your business’ data

Time, effort, and cost associated with these simple tips is nominal, and they’ll yield immediate benefits for your business. Taking a proactive stance when it comes to cybersecurity will put your business in a position to avoid the debacle of a cyberattack.  

It’s time to take small business cybersecurity seriously

What can we learn from these 13 small business cybersecurity statistics? Let’s recap a few of the most important takeaways:

  • Cyberattacks are extremely costly and could put small companies out of business
  • Small businesses are at-risk for cyberattacks by bad actors seeking to exploit them
  • Most successful cyberattacks are simple or caused by human error and are avoidable
  • A majority of small business owners haven’t considered the threat of a cyberattack
  • Too many small businesses don’t know how to protect themselves from hackers
  • The cost and effort to safeguard against cybercrimes is less than you might think

Small businesses quite literally cannot afford to succumb to a cyberattack. Instead, they need to be proactive about small business cybersecurity and make smart, cost-effective investments that protect their data from bad actors. In addition, it’s important to get serious about cybercrime and realize that—not only does it happen to small businesses disproportionately—it can have extreme consequences. 

It’s wise to partner with a cybersecurity professional or talk to your IT team about safeguards you can implement for your small business. The last thing you want to become is another statistic. Instead, you want to make sure your business can stand up to attempted cyberattacks and stand strong against hackers who want to use your data against you. It’s time to take small business cybersecurity seriously. 

Free insights to help 
you take control of business finances.
Discover the best tips, tricks, and tools for better money management.

Small Business Cybersecurity Statistics 

  1. Fundera: 30 Surprising Small Business Cyber Security Statistics
  2. Cyber Security Ventures: 60 Percent Of Small Companies Close Within 6 Months Of Being Hacked
  3. Nstec: What % of the overall it budget should invested in cybersecurity?
  4. Dotcomdevelopment: DATA SECURITY FOR SMALL BUSINESS: 2020 CYBER SECURITY STATISTICS
  5. Wgu: 6 Industries Most Vulnerable to Cyber Attacks
  6. Threat Cop: Top 5 Cyber Attacks and Security Breaches Due to Human Error
  7. Ciso Mag: https://cisomag.eccouncil.org/60-of-small-businesses-do-not-have-a-cybersecurity-policy-survey/ 
  8. Insureon: Only 16% of small business owners think they are at risk for a cyberattack