We’ve collected these cyber security statistics for small businesses from a variety of sources.
General Small Business Cyber Security Statistics
- 43 percent of cyber attacks target small business.
- Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
- 60 percent of small companies go out of business within six months of a cyber attack.
- 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
- Small businesses are most concerned about the security of customer data:

Small Business Cyber Security Attack Statistics
The numbers show that small businesses are not only at risk of attack, but have already been attacked:
- 55 percent of respondents say their companies have experienced a cyber attack in the past 12 months(May 2015 -May 2016), and
- 50 percent report they had data breaches involving customer and employee information in the past 12 months (May 2015 -May 2016).

- In the aftermath of these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets.
- In addition, disruption to normal operations cost an average of $955,429.
- The types of cyber attacks broke out as following:

- The root causes of data breaches broke out as following:

Small Business Cyber Security Prevention Statistics
- While many small businesses are concerned about cyber attacks (58 percent), more than half (51 percent) are not allocating any budget at all to risk mitigation.
- Dangerous disconnect: one of the more popular responses as to small businesses they don’t allocate budget to risk mitigation was that they, “feel they don’t store any valuable data.” Yet a good number reported that they in fact DO store pieces of customer information that are of significant value to cyber criminals:
- 68 percent store email addresses;
- 64 percent store phone numbers; and
- 54 percent store billing addresses.
- Small businesses reported that only:
- 38 percent regularly upgrade software solutions;
- 31 percent monitor business credit reports; and
- 22 percent encrypt databases.
- If a company has a password policy, 65 percent of respondents say they do not strictly enforce it.
- 16 percent of respondents admitted that they had only reviewed their cybersecurity posture after they were hit by an attack.
- 75 percent of small businesses have no cyber risk insurance
Cyber SEcurity Photo via Shutterstock
This article was written by Matt Mansfield and originally appeared on Small Business Trends, 1/3/17