2023 SMB Cybersecurity Statistics
Many small businesses fail to give due importance to cybersecurity or develop comprehensive strategies to prevent or respond to attacks – a fact well-known to hackers. The following statistics provide a glimpse into the threat landscape that small businesses simply cannot afford to overlook.
1. 46% of all cyber breaches impact businesses with fewer than 1,000 employees.
2. 61% of SMBs were the target of a Cyberattack in 2021.
3. At 18%, malware is the most common type of cyberattack aimed at small businesses.
4. 82% of ransomware attacks in 2021 were against companies with fewer than 1,000 employees.
5. 37% of companies hit by ransomware had fewer than 100 employees.
6. Small businesses receive the highest rate of targeted malicious emails at one in 323.
7. Employees of small businesses experience 350% more social engineering attacks than those at larger enterprises.
8. 87% of small businesses have customer data that could be compromised in an attack.
9. 27% of small businesses with no cybersecurity protections at all collect customers’ credit card info.
10. 55% of people in the U.S. would be less likely to continue doing business with companies that are breached.
11. 95% of cybersecurity incidents at SMBs cost between $826 and $653,587.
12. 50% of SMBs report that it took 24 hours or longer to recover from an attack.
13. 51% of small businesses said their website was down for 8 – 24 hours.
14. In 2020 alone, there were over 700,000 attacks against small businesses, totaling $2.8 billion in damages.
15. Nearly 40% of small businesses reported they lost crucial data as a result of an attack.
16. 51% of small businesses that fall victim to ransomware pay the money.
17. 75% of SMBs could not continue operating if they were hit with ransomware.
18. Just 17% of small businesses have cyber insurance.
19. 48% of companies with insurance did not purchase it until after an attack.
20. 64% of all small businesses are not familiar with cyber insurance.
21. 47% of businesses with fewer than 50 employees have no cybersecurity budget.
22. 51% of small businesses have no cybersecurity measures in place at all.
23. 36% of small businesses are “not at all concerned” about cyberattacks.
24. 59% of small business owners with no cybersecurity measures in place believe their business is too small to be attacked.
25. Only 17% of small businesses encrypt data.
26. 20% of small businesses have implemented multi-factor authentication.
27. 80% of all hacking incidents involve compromised credentials or passwords.
28. One-third of small businesses with 50 or fewer employees rely on free, consumer-grade cybersecurity solutions.
29. 76% of small businesses that increased cybersecurity spending cited rising fear of new threats.
30. 42% of small businesses have revised their cybersecurity plan since the COVID-19 pandemic.
31. Nearly half of small businesses spend less than $1,500 monthly on cybersecurity.
32. 22% of small businesses increased cybersecurity spending in 2021.
33. SMBs spend 5% to 20% of their total IT budget on security.
34. 29% of businesses that suffered a breach responded by hiring a cybersecurity firm or dedicated IT staff.
35. Antivirus software (58%), firewalls (49%), VPNs (44%), and password management (39%) are the top four cybersecurity tools SMBs are adopting.