Small Business Data Breach - Stats You Should Know

We’ve collected these cyber security statistics for small businesses from a variety of sources.


General Small Business Cyber Security Statistics

  • Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
  • 60 percent of small companies go out of business within six months of a cyber attack.
  • 43 percent of cyber attacks target small business.
  • 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
  • Small businesses are most concerned about the security of customer data


Small Business Cyber Security Attack Statistics

The numbers show that small businesses are not only at risk of attack, but have already been attacked:


In the aftermath of these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets.
In addition, disruption to normal operations cost an average of $955,429.

The types of cyber attacks broke out as following:

The root causes of data breaches broke out as following:


Small Business Cyber Security Prevention Statistics

  • While many small businesses are concerned about cyber attacks (68 percent), more than half (51 percent) are not allocating any budget at all to risk mitigation.
  • Dangerous disconnect: one of the more popular responses as to small businesses they don’t allocate budget to risk mitigation was that they, “feel they don’t store any valuable data.” Yet a good number reported that they in fact DO store pieces of customer information that are of significant value to cyber criminals:
    • 68 percent store email addresses;
    • 64 percent store phone numbers; and
    • 54 percent store billing addresses.
  • Small businesses reported that only:
    • 38 percent regularly upgrade software solutions;
    • 31 percent monitor business credit reports; and
    • 22 percent encrypt databases.
  • If a company has a password policy, 65 percent of respondents say they do not strictly enforce it.
  • 16 percent of respondents admitted that they had only reviewed their cybersecurity posture after they were hit by an attack.
  • 75 percent of small businesses have no breach readiness program or resources.

Bottom Line

As cyber criminals continue to target small businesses, owners and employees need to know how to protect both their customers and themselves. There are cost effective programs that help small business with breach preparedness and resolution.  

  Article published   

Mark Norman
Mark Norman