As technology continues to accelerate and play an increasingly prominent role in small businesses across the world, the importance of cybersecurity has come to the forefront.
With most small businesses sharing, storing, and distributing sensitive information online to customers and to employees, it’s critical that small business owners stay informed and understand the role of cybersecurity in a successful and thriving small business.
In this article we’ll explore some of the most important small business cyber security stats to watch in 2023. To make it easy to follow and so that you can navigate to the statistics that most interest you, we have broken down these cybersecurity statistics into an easy to skim list that includes cyber threats, email threats, the impact of COVID on cyber security.
Essential Small Business Cyber Security Stats 2023
1. The average cost a data breach for small businesses is $108,000
A study by Kaspersky into global corporate IT security risks found that the average cost of a data breach for small businesses is a staggering $108,000 USD. While this number has fallen slightly over the five three years from a peak of $120,000 USD back in 2018, the sheer cost should be cause for concern for any small business owner. The cost breakdown indicates that the highest incurred costs from data breaches comes from lost business, software and infrastructure fixes, and compensation.
2. Between 2020 and 2021, cybercrime grew by 13%
According to the latest data from the Australian Government Cyber Security Centre, there were over 76,000 reported cybercrime incidents in Australia in 2021 – a 13% increase on the same period in 2020. Given how many people were home bound and working remotely for the first time during 2020, it is staggering to think that cybercrime continued to grow in a year of loosened restrictions.
3. Cybercrime increased 600% through the Pandemic
When people were at their most vulnerable, it appears that the thieves were thriving. A report from Embroker found that cybercrime increased by a staggering 600% through the pandemic with opportunistic cybercrime criminals taking advantage of an engaged and locked-in audience who were more susceptible to scams than ever before.
4. 43% of all cyber-attacks impacted business with less than 250 employees
Small businesses are disproportionately represented in Verizon’s Data Breach Investigations Report with a staggering 43% of all cyber-attacks impacting businesses with less than 250 employees. While it may be the larger companies that dominate the headlines, small business cyberattacks are all too common and can lead to crippling consequences for SMEs.
5. Hackers attack security every 39 seconds
A disturbing study from the Clark School at the University of Maryland found that hackers attack every 39-seconds and more than 1 in 3 people in America are the victim of a hack attempt each year. Whether it’s in a private capacity or a professional capacity, the sheer rate of attacks mean that small businesses need to be on high alert.
6. 76% of cyberattacks start with an email
A study by Round Robin Tech revealed that 76% of all cyberattacks start with an email. Whether it comes from a phishing attempt or from a weak password, keeping email security up to date needs to be the number one concern for small businesses that are looking to improve their cyber security in 2023 and beyond. With more than three-quarters of all attacks starting with an email, improving email security for small business security is an immediate step that all SMEs can take.
7. 53% of adults believe remote work contributes to hacking and cyber threats
There are no two ways around it, the working landscape has undergone a fast track to remote or hybrid setups over the last three years. With more adults working from home and more small businesses working with a small team, it should come as no surprise that a Norton Anti-Virus software study found that 53% of adults believe that remote work contributes to hacking and cyberthreats. If, like many small businesses, you have changed to a hybrid working or remote working arrangement, now is the time to review your security systems and ensure that you are equipped for remote work security.
8. 25% of employees reported an increase in fraudulent emails, spam, and phishing attempts during Covid
A recent study from Deloitte found that one-quarter of all employees saw an increase in fraudulent emails, spam, and phishing attempts during Covid. While most of us were doing our best to adapt to the global pandemic, cyber criminals were thriving and using new loopholes to scam and spam employees. For small business owners, this statistic highlights the importance of working with an IT expert who can educate your staff and provide protection against fraudulent emails, spam, and phishing attempts for all employees.
9. 27% of consumers have stopped using public Wi-Fi to protect their online privacy
According to Norton, 27% of consumers have now stopped using public Wi-Fi to protect their online privacy – a positive step forward for employees of small businesses. The advent of cheaper data plans means that more adults are now opting out of public Wi-Fi networks in a bid to protect their online security. For small business owners and employees, it’s important to understand the vulnerabilities and threat of public WIFI network and provide education and training so that employees are not relying on public networks to transfer sensitive information.
10. 53% haven’t changed their password in the last 12 months
According to a recent study from Last Pass, more than half of adults and employees have not changed their passwords for more than 12-months. In spite of the constant news stories around data breaches at major tech companies, adults remain stubborn in updating their passwords. For small businesses, old passwords that may have been subject to a data breach or company-wide passwords that are common knowledge to ex-employees present a major security threat that needs to be addressed. Using a third-party password protection tool like Last Pass can help to mitigate the threat of password breaches and alert small businesses when certain passwords have been exposed through a data breach.
11. Just 14% of small businesses believe they can mitigate a cyber attack
With small businesses accounting for somewhere between 97.4 to 98.4%, it is shocking to learn that just 14% of small businesses believe they can mitigate a cyber-attack through preventative action. Based on this belief, a staggering 86% of all businesses believe that they are a sitting duck for hackers and will need to respond when it becomes an issue. Like anything, prevention is always better than a cure which is why investing in network support and cybersecurity is essential for small businesses.
12. Small businesses take 6-months to recover from a cyber attack
A study from the National Cyber Security Alliance found that the average timeframe for recovery from a cyber-attack for small businesses was 6-months. This staggering small business cybersecurity statistic demonstrates the importance of preventative maintenance and system investment to mitigate the risk and impact from cyber security attacks.
Kaspersky: “Kaspersky Global Corporate IT Security Risks Survey”
Australian Government Cyber Security Centre: Cybercrime Report 2021
Embroker: “Must-Know Cyber Attack Statistics and Trends”
Verizon: Data Breach Investigations Report for 2021
Cybint News: Cybersecurity Report for December 2018
Clark School at the University of Maryland : “Hackers Attack Every 39 Seconds” Report
Round Robin Tech: “Email Protection” Study
Norton: “2021 Norton Cyber Safety Insights Report Global Results”
Deloitte: “Cyber crime – the risks of working from home”
Last Pass: “Cognitive dissonance prevails – will 2020 be the tipping point for behavior changes?”
National Cyber Security Alliance: “Stay Safe Online”
ASBFEO: “Small Business Counts December 2020”