A survey published earlier this year showed that in the past 12 months, hackers have breached half of all small businesses in the United States. Small businesses, which often don’t have the revenue to afford their own IT departments, are especially susceptible to phishing attacks via email and to fraud carried out through their online activities.
Eighty-seven percent of small business owners don’t feel they’re at risk for a cybersecurity attack, and 1 in 3 small businesses don’t have the tools in place — firewalls, antivirus software, spam filters or data-encryption tools — to protect themselves.
The American Recovery Association (ARA) wants you to know YOU are at risk.
National Cybersecurity Awareness Month (NCSAM) has been observed every October since 2004. The program was developed by the Department of Homeland Security and the National Cyber Security Alliance to ensure every American has the information and resources to stay safer online.
In the past, we have had webinars on things you should or should not do on social media sites. This month, ARA is using this article as our education material. With so many things to think about during a hectic day, cybersecurity may never cross your mind. This is why you use technology to help protect you from attacks you don’t often think about or, for many, do not understand. Make sure your computers are protected with at least the following measures:
- Cybersecurity programs such as Malwarebytes or Norton. These help block malware, ransomware, adware and other threats.
- Use a password manager
- Ensure your Wi-Fi is secure on mobile devices
With these in place, you can keep out a lot of the bad stuff. Just remember, there are consequences for your online actions.
We’ve collected these cybersecurity statistics for small businesses from a variety of sources.
General Small Business Cybersecurity Statistics
The numbers show small businesses are not only at risk for an attack, but have already been attacked:
CYBERSECURITY STATISTICS – Numbers Small Businesses Need to Know
55 percent of respondents say their companies experienced a cyberattack in the past 12 months (May 2015-May 2016), and
50 percent report they had data breaches involving customer and employee information in the past 12 months (May 2015-May 2016).
43 percent of cyberattacks target small businesses. Only 14 percent of small businesses rate their ability to mitigate cyber risks, vulnerabilities and attacks as highly effective.
60 percent of small companies go out of business within six months of a cyberattack.
48 percent of data security breaches are caused by acts of malicious intent. Human error or system failure accounts for the rest.
Small businesses are most concerned about:
As you can see, just like us, most other small business industries are most concerned about the security of customer data. In the aftermath of these incidents, these companies spent an average of $879,582 because of damage or theft of IT assets. In addition, disruption to normal operations cost an average of $955,429.
The root causes of data breaches broke out as follows:
While many small businesses are concerned about cyberattacks (58 percent), more than half (51 percent) are not allocating any budget at all to risk mitigation.
Dangerous disconnect – One of the more popular responses as to why small businesses don’t allocate budget to risk mitigation was that they “feel they don’t store any valuable data.” Yet a good number reported that they in fact DO store pieces of customer information that are of significant value to cyber criminals:
68 percent store email addresses;
64 percent store phone numbers; and
54 percent store billing addresses.
Small businesses reported that only:
38 percent regularly upgrade software solutions;
31 percent monitor business credit reports; and
22 percent encrypt databases.
If a company has a password policy, 65 percent of respondents say they do not strictly enforce it.
16 percent of respondents admitted they had only reviewed their cybersecurity posture after they were hit by an attack.
75 percent of small businesses have no cyber risk insurance.
In the end, the keys are: get educated and be diligent. Employees have to be made aware that what may appear to them to be a harmless internet connection can open the door for a ruthless cyberattack.