15 Important Small Business Cybersecurity Statistics

DataProt is supported by its audience. When you buy through links on our site, we may earn a commission. This, however, does not influence the evaluations in our reviews. Learn More.

Hackers have targeted more small businesses in the last year. As small businesses start using newer technology like cloud computing, they are more at risk of getting attacked by cybercriminals. If you are a small business owner, you need to be careful and take steps to protect your business from cyberattacks.

In this article, read about the latest cybersecurity statistics for small businesses. By understanding these statistics, small business owners like you can better prepare themselves against cyber attacks and ensure the safety and security of their operations.

Critical Small Business Cybersecurity Stats

  • SMBs face malware as the most prevalent threat, constituting 18% of attacks. (Intuit Quickbooks)
  • Malicious actors send emails targeting small businesses at a rate of one in 323. (Symantec)
  • 72% of Small businesses purchased cyber insurance only after experiencing or hearing about cyberattacks. (AdvisorSmith)
  • Approximately 60% of small businesses are out of commission within six months following a cyberattack. (National Cyber Security Alliance)
  • A hack within the next year is not a concern for most (56%) small business owners.  (CNBC) 
  • 40% of small businesses experienced essential data loss during cyberattacks. (BullGuard)
  • 22% of small business owners increased their spending on cybersecurity. (CNBC)

2023 Cybersecurity for Small Businesses Statistics

These are the main facts for 2023 related to small businesses and the cyber attacks that affect them:

1. The most prevalent type of threat for SMBs is malware, which accounts for 18% of attacks.

On a poll commissioned by Intuit Quickbooks, small businesses are primarily targeted with malware, representing 18% of all attacks. Phishing comes in second, accounting for 17% of attacks, followed by data breaches at 16%, DDoS at 12%, and malware at 10%.

(Intuit Quickbooks)

2. 88% of SMB owners believe their businesses are susceptible to cyber-attacks.

Most small business owners know they could be the target of cyberattacks. However, many cannot afford professional IT services; others feel they need more time to improve their cybersecurity or lack the time.

This concern among small business owners is because only some are able or willing to take steps to protect their systems from phishing and other forms of cyberattacks. As a result, it is not surprising that a large majority (88%) of small business owners believe they are vulnerable to an attack.


3. Malicious emails targeting small businesses occur at a rate of one in 323.  

Small businesses, specifically those with fewer than 250 employees, face a greater risk of falling prey to email-based threats such as phishing, spam, and malware. Symantec’s Internet Security Threat Report reveals that one email is malicious out of every 323 emails these businesses receive. 

The figure may seem insignificant, but it is substantial when the typical office worker gets bombarded with an average of 121 emails daily.


4. 72% of small businesses only purchased cyber insurance after experiencing a cyberattack or hearing about it. 

Small businesses often view cyber insurance as optional compared to other types of business insurance like general commercial liability or workers’ compensation insurance. However, experiencing a cyber attack is a significant factor that prompts businesses to seek cyber coverage. 


5. On average, SMBs face a cost of almost $3 million per data breach incident.

Businesses with less than 500 employees are considered SMBs, and the typical expense of a data breach for these companies is around $3 million per occurrence.


6. Cyber attacks force 60% of small companies out of business within six months.

The National Cyber Security Alliance of the U.S. discovered that cyber-attacks cause 60 percent of small companies to fail within six months. The Ponemon Institute reports that small businesses spend an average of $690,000 to recover from hacking, while middle-market companies spend more than $1 million.

(National Cyber Security Alliance)

7. A cyberattack could compromise the customer data of 87% of small businesses.

A study reveals that small businesses possess customer data that could be compromised in an attack, including sensitive information like credit card details, social security numbers, bank account information, phone numbers, and addresses. This implies that a business suffers damage when breached, and its customers may also suffer from different forms of identity theft, privacy violations, and other related issues. 


8. Approximately 43% of all data breaches are aimed at small businesses.

Many assume that cyber attackers would primarily target large corporations. However, huge enterprises typically implement robust cybersecurity protections, making infiltrating them harder. Small businesses’ systems are relatively easy to breach, making them easier targets for cybercriminals.


9. Most (56%) small business owners are not concerned about experiencing a hack within the following year.

Despite acknowledging their susceptibility to cybersecurity attacks, many small business owners anticipate not being hacked in the next 12 months, with 56% showing no concern, including 24% completely unconcerned.


10. Among small business owners targeted in a cyberattack, 25% suffered losses in their business.

When cybercriminals attack small businesses, 25% face business losses, potentially caused by missed opportunities, customer distrust, or other factors.


11. 47% of small businesses with less than 50 employees need a budget for cybersecurity. 

Nearly half (47%) of businesses with 50 or fewer employees need a cybersecurity budget. Only a few firms with a budget include a separate budget dedicated to cybersecurity apart from IT spending. Only 8% of small businesses have a formal and dedicated budget to protect themselves against cyberattacks.

(Corvus Insurance)

12. Employees of small businesses experience social engineering attacks 350% more frequently.  

Employees working at small businesses are at a higher risk of falling prey to social engineering attacks, including tactics like phishing, baiting, quid pro quo, pretexting, and tailgating. The size of small businesses makes them more vulnerable, and they are 350% more likely to be targeted than larger enterprises. 


13. 40% of small businesses experienced the loss of essential data during cyberattacks.

Breached companies can suffer far-reaching adverse effects due to critical data loss. The loss of sensitive customer data, such as credit card information, social security numbers, phone numbers, or home addresses, can also expose them to customer lawsuits.


14. Only 17% of small businesses implement data encryption.

In a survey conducted by AdvisorSmith, Small businesses only encrypt 17% of their data. Companies and customers are vulnerable to cyber threats without data encryption, making it an essential cybersecurity measure. 

Encryption software ensures attackers cannot read data, even if they bypass the firewall. This can significantly reduce the cost of cyberattacks. The complexity of encryption technology can be why companies refrain from widely using it.


15. 22% of small business owners increased their cybersecurity spending this year.

22% of small business owners increase their cybersecurity budgets to protect themselves against threats. Another 67% kept their spending levels the same. Overall, the remaining 11% were still determining if their spending had changed or reduced the amount they dedicated to cybersecurity.


Bottom Line

Cybersecurity threats continue to be a growing concern for small businesses. Data breaches and other prevalent types of cyberattacks occur at an alarming rate. The cost of a data breach incident can be significant for SMBs. 

It is crucial for small business owners to understand the risks and take proactive measures to protect their businesses. By investing in cybersecurity measures and creating a cybersecurity plan, small businesses can better prepare themselves against cyber threats.

Leave a Comment

Scroll to Top