According to the Small Business Administration’s Office of Advocacy, there are 30.2 million small businesses in the United States, making up 99.9% of all businesses in the country. Due to such a sizeable representative percentage, any discussion about cybersecurity statistics should focus on small businesses.
While the SBA defines small businesses as any business with less than 500 employees, most have far fewer, making them soft targets for cybercriminals. For small businesses, fewer resources mean they should approach cybersecurity in a much different way to larger enterprises, using more innovative and more agile protection methods.
Small Businesses Cybersecurity Plan
A small business cybersecurity plan outlines the steps and measures to secure a business from attacks like malware, phishing, and ransomware. While most small businesses may not see the need to document such a plan, it is critical to ensure compliance across the company.
In the plan, focus on three primary objectives:
- Data protection
- Compliance maintenance
- Customer, supplier, and partner reassurance
A small business can become a more challenging target for attackers with a simple cybersecurity plan in place.
7 Cybersecurity Statistics That Small Businesses Need to Know in 2021
Over the past 20 years, cybersecurity threats have gone from isolated cases to mainstream events reported daily. It is apparent cybercriminals are becoming more sophisticated and aggressive in their quest to plunder business data.
Here are seven cybersecurity threats every small business should know in 2021 to keep their business safe.
#1. 95% of cybersecurity incidents are caused by human error. (Cybint)
It would be impossible for hackers to gain access to data in an environment free of human error. However, human error, including weak passwords, clicking on links in unsolicited emails and using public Wi-Fi, increase a business’s vulnerability.
#2. $133,000 – the average cost of a ransomware attack. (SafeAtLast)
Ransomware attacks are on the rise, with attackers targeting any business willing to pay a ransom, both large and small. With such a high cost per incident, many small businesses would struggle to pay a ransom, not to mention coming to terms with irrecoverable data.
#3. Security breaches have increased by 11% since 2018 and 67% since 2014. (Accenture)
In 2021 and beyond, there is no sign that cyber-attacks will abate. Accenture’s report shows an exponential rise in cyber breaches, a grim statistic that small businesses should interpret as a call to action to protect against imminent threats.
#4. 43% of cybersecurity breach victims were small and medium businesses. (Verizon)
Most cyber breaches in the news involve billion-dollar companies like Equifax, Uber, and Under Armor. However, as this statistic shows, SMEs cannot expect to fly under the radar of attackers.
#5. 45% of breaches featured hacking, 22% involved phishing, and 17% involved malware. (Verizon)
Cybercriminals have an arsenal of attack techniques at their disposal. Therefore, small businesses must use multifaceted safety protocols to counter the most prevalent attack methods, including malware, phishing, and ransomware. While hacking may be more challenging to stop, steps can be taken to harden digital assets at a reasonable cost.
#6. 94% of malware is delivered via email. (CSO Online)
Email is still the most popular business communication tool, and attackers know this. For small businesses, email safety should attract the closest attention, as, in most cases, it represents the most vulnerable asset in the company. Switching to cloud solutions like Google Workspace or Office 365 can be of tremendous benefit in this regard.
#7. Remote work has increased the average cost of a data breach by $137,000. (IBM)
The pandemic of 2020 saw many businesses embrace a remote working culture while opening the floodgates to remote-working-related breaches. With a significant uptick in each breach’s cost, remote working can be an expensive venture for small businesses if steps are not taken to secure remote workers.
How To Use These Statistics to Guard Against Cyber Attacks
Cybersecurity statistics provide a foundation on which to build the correct security protocols. For example, with the knowledge that most malware is delivered via email, a small business can invest more time and resources to secure its email than its website.
Creating a comprehensive small business cybersecurity plan that considers these stats can be a strong starting point to creating a plan that works. As a small business, investing in such a plan might likely seem like overkill, but it will not when the plan thwarts a cybersecurity threat that might have put the business out of business.
Author: Ashley Lukehart
Ashley has been writing about the impact of technology and IT security on businesses since starting Parachute in 2005. Her goal has always been to provide factual information and an experienced viewpoint so that business leaders are empowered to make the right IT decisions for their organizations. By offering both the upsides and downsides to every IT solution and consideration, expectations are managed and the transparency yields better results.