Many small business owners are confused about how to go about keeping their enterprise safe from a cyber attack. These entrepreneurs can learn a lot from the cybersecurity statistics that emerge from cybersecurity analysts.

Take note of these cybersecurity statistics for small businesses that may be relevant to your organization.

Cybersecurity stats: SMBs as targets

Despite news of attacks on megacorporations (T-Mobile, Google and Facebook just in 2018), Verizon reports that 58 percent of all attacks target small businesses. Smaller enterprises are attractive for a number of reasons:

  • With smaller budgets and staff quotas, SMBs generally have fewer resources to devote to cybersecurity and thieves see that as a vulnerability in and of itself.
  • Further, because SMB leadership is often focused on core activities and not cybersecurity concerns, their oversight of internal security policies and practices can lapse. Lax workers avoiding password or access protocols are vulnerabilities, too.
  • Not insignificantly, SMBs often maintain all their processes on in-house machines and many don’t maintain a dedicated IT security staffer to keep the protections on those machines current. Even old viruses and trojans can pose problems in these circumstances.

Cybersecurity stats: types of attack

Protecting against a variety of attack types is also a challenge for SMBs. Even though the most reported hacks may involve sophisticated strategies for infiltration, cybersecurity statistics for small businesses reveal that most successful hacks use simple forms of intrusions. According to CSO Online:

  • Email carries in 92% of malware capable of disabling a company.
  • Of those, targetted phishing attacks raise the most concerns; 56% of SMB leaders are worried about phishing expeditions through their corporate email system.
  • The Internet of Things (IoT) also offers a popular mode of attack. Of the companies surveyed, 61%  had experienced an unfortunate IoT security event.
  • More than three-quarters of attacks (77%) are “fileless,” meaning the toxic code embeds in tools already installed in the memory of the computer. Typical anti-virus programming doesn’t scan for the coding so it can run silently for long periods of time before being discovered. And considering that it takes an average of 191 days for most companies to detect malware-caused data breaches, the fileless attacks represent an even darker threat. The 2016 hack of the Democratic National Party is an example of a fileless hack.

Cybersecurity stats: information theft

The type of information demanding heightened security usually depends on the work of the company that amasses it. Corporations that collect reams of consumer data will require the tightest security controls over that ‘personally identifying information’ (PII). Other companies may rely on less personal data, however, and their cybersecurity practices should revolve around those specifics. The toughest cases are those in which there is a variety of data categories, each of which requires specialized security standards. did a sweep of several studies and gleaned these security concerns from that pool of research respondents:

  • When asked, a full two-thirds (66%) of surveyed SMB owners were concerned about protecting their customer records.
  • Almost half (49%) were concerned about their company’s intellectual property.
  • A quarter (24%) were most worried about protecting their organization’s financial data.

Insofar as most companies have varying volumes of each of these types of data, as well as data contained in credit cards, worker records and business correspondence, their cybersecurity practices should address each concern individually.

Cybersecurity for small businesses doesn’t have to evolve from bad experiences. Using the wisdom gleaned from known security hacks gives every SMB leader insights about what their next cybersecurity investment should be.


About TechWerxe

TechWerxe is a leading IT company focused on providing companies with customized solutions for their business.