SMB’s are a favorite target of cyber criminals — cyber attacks were up 424% in 2018.

We have put together a list of the SMB’s cyber security statistics you need to know to help keep you secure.

We will also discuss why SMBs make such attractive targets and what you can do to protect your business.

The Top SMB’s Cyber Security Statistics

A 2017 study from VIPRE Security that showed 2/3 (66%) of small and medium-sized businesses (SMB’s) would suffer devastating consequences requiring them to close their doors after a breach. Their survey of 250 SMBs’ IT managers conveyed that the businesses would shut down for a minimum of one day or would be put out of business entirely if such an event were to occur.

We hoped our research on SMB’s cyber security related stats would show that this had decreased over the past three years – but it hasn’t. We will discuss some of the cyber security statistics you’ll want to know about SMB’s:

1. 43% of All Data Breaches Target SMBs.
Verizon’s most recent Data Breach Investigation Report (DBIR) shows that almost 1/2 of all breaches occurred at SMB’s. This statistic speaks for itself and doesn’t require more of an explanation.

2. There Was a 424% Increase in Authentic and New Breaches of SMB’s in 2018
The cyber security firm 4iQ states in its 2019 Identity Breach Report that cybercriminals targeted SMB’s with cyber attacks at an alarming rate in 2018 — up nearly 425% over the previous year.

3. 83% of SMBs Lack the Funds to Deal with the Repercussions of a Cyber Attack
InsuranceBee’s Survey of more than 1,300 SMB owners shows that more than eighty percent of SMB’s lack the money they would need to recover from a cyber attack or data breach. Of those that report having money aside for such an incident (17%), few have considered the reputation damage or legal fees they will face if a data breach should occur.

4. The Average Cyber Attack Carries a Price Tag of Nearly $3 Million When it comes to determining the costs of a cyber attack, there are many factors to consider:

  • The cost of any ransom
  • The cost of lost data
  • System outages,
  • Business downtime
  • Non-compliance fines (PCI, GDPR, HIPAA, etc)
  • Legal costs
  • Potential lawsuits

The Keeper Security and the Ponemon Institute’s 2018 State of Cybersecurity in SMB’s report states that downtime accounts for approximately $1.56 million of those costs.

For an example of the “extra” costs a business might encounter, look no further than the recent AMCA data breach. The company, which also operated as Retrieval-Masters Creditors Bureau, Inc., has paid millions in such “extra” costs — $4.2 million to report the breach, $3.8 million for notifications, etc. That’s not including non-compliance fees and lawsuits.

5. SMBs Experience 8+ Hours of Downtime During a Breach
Cisco’s 2018 Security Capabilities Benchmark Study shows that fourty percent of mid-size businesses with 250-499 employees “experienced eight hours or more of system downtime due to a severe security breach in the past year.”

6. 1 in 323 Emails to SMB’ses are Malicious
Symantec’s 2019 Internet Security Threat Report shows that employees of smaller organizations were more likely to be hit and be susceptible to email threats such as spam, phishing, and email malware than those who work at large organizations.

7. 60% of SMBs Cite Employee Negligence as Cause of Data Breaches
The Keeper Security/Ponemon Institute’s SMB’s report showed the number of SMBs reporting negligent employees and contractors as the cause of data breaches increased to sixty percent in 2018 — whereas external threats (hackers) were reported as thirty seven percent of the causes.

8. 54% of SMBs Believe Their Companies are “Too Small” to Be Ransomware Targets
The Keeper Security/Ponemon Institute SMB report showed that some SMBs believe that their businesses are too small to be lucrative targets for cybercriminals. If you have read any recent cyber security reports or literature, you would know that no company is “too small” and that a cybercriminal lacks interest. Most SMB’s lack defenses and cybercriminals know this all too well.

9. 77% of SMBs Anticipate Outsourcing Cyber Security
Continuum reports in its State of SMB Cyber Security in 2019 report that nearly 80% of SMB’s believe their cyber security tasks will be outsourced within 5 years.

10. 62% of SMBs Lack the In-House Skills to Handle Cyber Security
As perplex as it may be, it no surprise that many SMB’s lack the necessary skills to implement cybersecurity defenses. This is a practice that needs to stop considering that attacks on SMB’s are the most common.

Continuum’s 2019 SMB’s cyber security report shares that nearly 2/3’s of SMBs say they do not have the skills necessary to handle cyber security, and 56% report that they don’t have any cyber security experts within their reach.

11. 62% of Phishing Simulations Hook at Least One Set of User Credentials
Duo’s research shows that more than 1/2 of phishing campaigns resulted in at least 1 set of user credentials becoming compromised. The same study also showed that 64% of phishing campaigns involved at least one out-of-date device.

12. SMB’ses Invest Less Than $500 Per Year in Cyber Security Products This alarmingly low number is the average amount that Juniper Research’s 2018 study says that SMB’s spend on consumer-grade cybersecurity products each year. Considering that SMBs represent only 13% of the cybersecurity market, it’s no surprise that SMB’s are such an attractive target to cybercriminals.

13. 55% of SMB’s Cite Resources and Knowledge as Challenges to Cyber Security Planning
A survey by the Better Business Bureau (BBB) indicates that the hardest challenges for developing a cybersecurity plan to increase SMB’s cybersecurity is a lack of knowledge and resouces.

14. Cyber Attacks Due to Weak or Stolen Employee Passwords Average $383,365
This is one of the findings of the Keeper Security/Ponemon Institute SMB report.

15. 68% of SMB’s Do Not Have Disaster Recovery in Mind
Nationwide reports that more than 2/3 of SMB’s do not have a disaster recovery (DR) plan in place. Their report also shows that 71% of SMB’s choose not to buy cybersecurity insurance.

Why SMB’s are More Vulnerable to Cyber Attacks and Data Breaches Many SMB’s still convince themselves that their businesses are “too small” to be of interest to hackers. It should come as no surprise that SMB’s make for easy targets for cybercriminals. Due to their limited funds and size, SMBs often have access to fewer personnel and secuirty resources than the larger enterprises. This is very important considering that SMB’s are the drivers of economy in the U.S.

The most recent data from the U.S. SMB’s Administration (SBA) reports that there were 30.2 million businesses in the U.S. as of 2015. Of these, 5.9 million had paid employees. There is truth in the statement that uninformed employees do pose a serious risk to your business — small or otherwise.

SMB employees who lack the training to avoid cyber threats are in positions to unwittingly put your company at risk by something as simple as clicking on the link in 1 phishing email.

How You Can Protect Your SMB’s from SMB Cyber Security Attacks? Contact us to see how Scurit can help.