Cyber Security Statistics: Numbers Small Businesses Need to Know

Top Cyber Security Statistics SMBs Need to Know

Do you run a small business? You’d be forgiven for thinking that you’re not even on the radar of cyber criminals out to score millions by taking down the networks for huge, powerful businesses. After all, without naming names, we can all think of a handful of high-profile corporations that have faced the embarrassment of admitting their sophisticated security systems have been breached. This is a view shared by more than half (54%) of SMB leaders.

You’d be forgiven for thinking that, but you’d also be wrong. Research into the murky world of cybersecurity shows that nearly half (43%) of cyber-attacks are now carried out on small and medium-sized businesses (SMBs) that often don’t even realize they’re in the firing line. When you think about how many SMBs there are in the world compared to huge multinationals, you can reasonably assume that more small businesses are attacked than global businesses.

This is because every business is now a tech company in some way, driven by the democratisation and accessibility of digital tools in the cloud. If you store digital customer records, then you’re a potential target of a cyber-attack – and the stark figures research figures support this.

Attacks and breaches against SMBs rocketed five-fold (428%) in 2018, and this was before the mass surge to remote working and digital tools in 2020, driven by the pandemic. The threat to SMBs is only going to increase

Same Thread, Different Budget

An unfortunate truth for SMBs is that they face the same thread as global enterprises but have a fraction of the budget, and staffing resources, to prepare themselves. Almost two-thirds (62%) of small firms lack the in-house skills needed to maintain a strong cybersecurity posture.

This lack of expertise goes hand-in-hand with economic struggles. Well over three-quarters of small businesses (83%) admit that they lack the funds in place to deal with a cyber-attack. The average cybersecurity investment made by SMBs is less than $500 per year – a stark number when considered against the average cost of an attack on a small firm, which stands at $3m.

It may not seem fair, but the harsh reality in a digital-first world is that businesses of all sizes need to work under the assumption that they will be targeted by cyber criminals.