Skip to main content

Since it is usually cyber-attacks on the large corporations that get most of the news headlines, people tend to assume that small businesses are not targeted. Statistics show that small and medium-sized businesses are not free of the threat of cyber-attacks, however. On the contrary, most cyber-attacks are aimed at them. They simply don’t make the headlines. If you’re a small business owner and find this hard to believe, here are the statistics that you need to focus on.

More than 50 percent of victims are small businesses

Small businesses make up about 58 percent of all malware victims. These attacks leave them with malware infections, a trend that is on the rise. According to a study by Ponemon Institute, the percentage of small businesses experiencing these attacks was 55 percent in 2016, and was up at 61 percent in 2017.   In 2018 nearly 70 percent of small businesses experienced cyberattacks and 50 percent do not know how to protect their companies.

It might appear that hackers actually prefer small businesses. This is probably not true, however. It is more likely that they simply attack whatever target is poorly guarded. They are opportunists, rather than people who carefully plan attacks. Small businesses simply get caught because they have inadequate security.

It’s also important to understand that cyber attackers do find small businesses profitable to attack. While such businesses do not possess data on the scale of the large corporations, they do have some records and business data that can be useful to attackers as they plan larger attacks. As an example, the large data breach that occurred at Target six years ago was made possible by a preliminary attack on a small business first.

These attacks can prove costly to small businesses

When an attacker hits a small business, he causes massive losses to the business. Small business operations lose about $1 million to the disruption caused to their business, and another million to the damage caused to their IT assets.

In general, cybercrime itself involves a great deal of money, and is big business. Worldwide, cybercrime is expected to cost economies around the world a total of $6 trillion each year by 2021. Ransomware damage alone is expected to go over $10 billion. It is estimated that a business will fall victim somewhere every 10 seconds or so.

It’s important to understand that these statistics represent real businesses that have lost real money. Businesses often permanently shut down, unable to bear the financial cost of the attacks that they face.

Most attacks come in through email

Studies have revealed that more than 90 percent of the time, attacks are made possible because people still open suspicious email and click on attachments. Small businesses, on average, face about ten such threats each month for each employee that they have. Should an employee make a mistake even once, it could be a disaster for the business.

There are other ways in which attacks happen, as well. Microsoft Remote Desktop Protocol, a method of remotely controlling computers for service purposes. If you use a simple password, it can likely be easily cracked by attackers, who then gain control of your system.

The attacks are becoming more sophisticated

Conventionally, hackers used infected files in order to perform their exploits. These files could be scanned by antivirus software and filtered out. The modern method preferred by hackers, however, involves the use of file less techniques. With no files to scan, antivirus software is unable to stop these attacks.

Alarming statistics

  • 95% of all enterprise attacks start with successful spear phishing
  • 60% of US SMB users use the same password for all systems they access
  • 80% of ransomware infections caused by human error or employee negligence
  • 60% of US SMBs do not have a breach response plan
  • 64% of Americans willing to pay Ransom
  • Ransom increased over 300% since 2016
  • 92% of malware is delivered via email
  • 1 in 13 emails contained phishing targeting your credentials
  • 42% of user clicks on malicious URLs were on Mobile Devices

Fortunately, stopping such attacks is not hard

Small businesses are finally beginning to get serious about protecting themselves. Studies have indicated that about one in five businesses now consider themselves well-prepared. They are able to adequately protect themselves by engaging the business of cyber security experts. It’s important for businesses to understand that antivirus software is no longer adequate.

With cyber-attacks against small businesses growing in sophistication, businesses need to understand that they are no longer too small to be of value. They do represent plenty of value to hackers. Small businesses need to ramp up security.