We’ve collected these cyber security statistics for small businesses from a variety of sources.

General Small Business Cyber Security Statistics

• 43 percent of cyber attacks target small business.
• Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
• 60 percent of small companies go out of business within six months of a cyber attack.
• 48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
• Small businesses are most concerned about the security of customer data:

Small Business Cyber Security Attack Statistics

The numbers show that small businesses are not only at risk of attack, but have already been attacked:

• 55 percent of respondents say their companies have experienced a cyber attack in the past 12 months(May 2015 -May 2016), and
• 50 percent report they had data breaches involving customer and employee information in the past 12 months (May 2015 -May 2016).

• In the aftermath of these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets.
• In addition, disruption to normal operations cost an average of $955,429.
• The types of cyber attacks broke out as following:

• The root causes of data breaches broke out as following:

Small Business Cyber Security Prevention Statistics

• While many small businesses are concerned about cyber attacks (58 percent), more than half (51 percent) are not allocating any budget at all to risk mitigation.
• Dangerous disconnect: one of the more popular responses as to small businesses they don’t allocate budget to risk mitigation was that they, “feel they don’t store any valuable data.” Yet a good number reported that they in fact DO store pieces of customer information that are of significant value to cyber criminals:
  • 68 percent store email addresses;
  • 64 percent store phone numbers; and
  • 54 percent store billing addresses.
• Small businesses reported that only:
  • 38 percent regularly upgrade software solutions;
  • 31 percent monitor business credit reports; and
  • 22 percent encrypt databases.
• If a company has a password policy, 65 percent of respondents say they do not strictly enforce it.
• 16 percent of respondents admitted that they had only reviewed their cybersecurity posture after they were hit by an attack.
• 75 percent of small businesses have no cyber risk insurance

Cyber SEcurity Photo via Shutterstock

This article was written by Matt Mansfield and originally appeared on Small Business Trends, 1/3/17