Many small business owners feel they are safe from cyberattacks and data breaches.

After all, any cybercriminal can get much better rewards from large firms, especially those that hold billions of personal records, such as Microsoft.

These are attractive targets for hackers.

However, they also have extensive security and dedicated IT teams, working to keep the hackers out.

Small businesses can’t generally afford this type of protection or dedicated staff.

That means they are easier to hack. 

In short, cybercriminals have realized that hitting lots of small businesses can be more lucrative and easier than targeting big businesses.

They are also less likely to be pursued by law enforcement as individual cases aren’t as high profile.

As the following small business data breach statistics will show, cyberattacks targeting small businesses are increasing.

It’s a trend that is likely to continue and small business owners should be aware of it now. 

Key Statistics

  • 46% of data breaches happen to businesses with less than 1,000 employees
  • An astonishing 82% of ransomware attacks are against small businesses
  • 61% of small businesses experienced a cyberattack in 2021
  • 60% of small businesses don’t survive the hack
  • 59% of large company breaches follow data stolen from a small business
  • 51% of small businesses have no cyber security
  • Each small business cyber attack costs the business between $826 and $653,587
  • 51% of sm bs pay cyber criminals a ransom demand
  • 40% of small business permanently lose important data after an attack
  • 80% of hacks result from compromised credentials or passwords

Top Small Business Data Breach Statistics in 2024

1. 46% Of Data Breaches Happen To Businesses With Less Than 1,000 Employees

Small Business 152

The 2021 Verizon Data Breach report showed that an increasing number of smaller businesses are being targeted with cyber attacks. 

In 2014 just 34% of small businesses experienced cyber attacks, by 2015 this number had increased to 43%.

The latest report now shows that 46% of small businesses have been targeted. 

The increase is due to how few security measures most SMBs have, making them easy targets for cybercriminals.

The rewards may be smaller but hackers can more easily target multiple companies, making the overall gains better. 

As previously mentioned, attacking small businesses is also less likely to get a response from law enforcement or even make the news headlines.

That’s less scrutiny for the hackers. 


2. An Astonishing 82% Of Ransomware Attacks Are Against Small Businesses

The 2021 survey by Symantec discovered that a staggering 82% of ransomware attacks are directed at small businesses, specifically those with less than 1,000 employees. 

Worryingly for small businesses, 37% of these attacks were directed at companies with less than 100 employees.

In other words, no company is safe, especially not small ones.

Ransomware attacks usually start with an attempt to get passwords.

In many small businesses password control is poor and the majority of users are also administrators. 

This means a hacker only needs one person to fall for a phishing email or similar and they will have the access they need to enter the system, encrypt your data, and demand a ransom.


3. 61% Of Small Businesses Experienced A Cyberattack In 2021

A 2021 Verizon report showed that 61% of small businesses were targeted by cybercriminals.

The good news is that not all small business cyber attacks were successful.

However, for the cybercriminal, one success in one hundred attempts produces adequate results. 

A reluctance to disclose breaches means it’s difficult to confirm the exact proportion that were successful.

However, it’s likely to be a significant proportion of those attacked, simply because SMBs traditionally have low-quality cybersecurity.

Considering the damage that can be done financially and reputationally, the news that 61% of SMBs have experienced a cyberattack should be enough to prompt a review of your cyber defenses. 


4. 60% Of Small Businesses Don’t Survive The Hack

Perhaps the most concerning small business data breach statistic is the survival rate.

The cost of being hacked is significantly higher than the cost of cybersecurity.

Most cybercriminals will take the data files, this allows them to build profiles on people and sell these on the dark web. It can earn them a lot of money. 

This doesn’t mean a direct financial loss for the company. 

However, cybercriminals will also take company financial details and take what they can from the business bank accounts.

They may also apply for credit on your behalf. 

This can cause the loss of considerable funds and years of hassle resolving the issues. 

The bigger threat, and the one which causes small businesses to fold, is the damage to your reputation. Businesses which have suffered data breaches will lose customers. 

Studies show that these businesses, if they survive, will still be performing worse than their peers in 3-5 years. 

It’s the loss of clients that causes the biggest financial issues for trading. So much so that 60% of small businesses will go under after a cyberattack.

(Cybersecurity Venture)

5. 59% Of Large Company Breaches Follow Data Stolen From A Small Business

Hacking small businesses means data is stolen.

In many cases cybercriminals don’t just gain access to company details and customer credit card numbers, they also find a doorway to bigger businesses. 

If you’re a small business and have a direct connection to a larger business, such as a supplier or partner, then you’ll probably have software connecting the businesses. 

Cybercriminals will find this doorway and use it to get to the larger business.

They can then take their data or even perform a ransomware attack. 

It may sound fanciful but 59% of breaches on larger businesses are a direct result of data breaches on SMBs.

This approach is much simpler and easier for the hacker and is an example of why small businesses need to take cybersecurity seriously.

(Ponemon Institute)

6. 51% Of Small Businesses Have No Cyber Security conducted a survey of over 1,000 businesses in March 2022.

All the respondents had less than 500 employees. 

The survey found that 51% of these businesses had no cybersecurity measures in place.

In other words, their system was open and vulnerable to attacks. 

The survey showed that 21% of small businesses were currently working on installing cybersecurity. 

However, an astonishing 36% of small businesses were found to be not at all concerned about cybersecurity.

They simply feel their business is so small that it won’t be targeted. 


7. Each Small Business Cyber Attack Costs The Business Between $826 And $653,587

Small Business 155

The exact cost of a cyberattack will vary depending on what data the criminals took, how much downtime the company experienced, the number of customers that transfer their business elsewhere, and even any fines the business incurs. 

It’s also worth factoring in the cost of installing cybersecurity and ensuring the business complies with current legislation. 

The costs quickly mount up.

The Verizon 2022 report shows that the cost to a business can be anything between $826 and $653,587, enough to put most small businesses out of business.

The cost to businesses and the industry is staggering.

In 2020 over 700,000 cyberattacks happened against small businesses. The cost of these attacks was approximately $2.8 billion. 

This figure will move upward in line with the increasing number of attacks. 


8. 51% Of SMBs Pay Cyber Criminals A Ransom Demand

Watch the movies and the ransom is never paid. The same isn’t true in real life.

If a ransomware attack is successful all your data is encrypted, making it impossible for you to run your business. 

In the past, having a recent backup of your data could save you.

However, cybercriminals are now wise to this. They won’t just encrypt your data, they will threaten to release it on the web if you don’t pay. 

That’s why 51% of businesses pay the ransom demand. Roughly half of these are covered by cyber insurance.

The other half have to pay from their own pocket. That puts the business under serious financial pressure. 

In fact, a CyberCatch survey found that 75% of SMBs would be unable to survive if they had to pay a ransom themselves. 


9. 40% Of Small Business Permanently Lose Important Data After An Attack

Any cyber attack is likely to knock your systems offline, costing you business as customers will go elsewhere.

It will also damage your reputation. 

While paying a ransom can help to keep things quiet and reduce the reduction in service, the truth is many businesses don’t get all their data back.

The BullGuard report suggests that as many as 40% of attacks result in lost data.

It’s impossible to check every piece of data when you get it back and you’ll have already paid the ransom.

In other words, there is nothing you can do to recover the data. The only question is how critical it was for your operation. 


10. 80% Of Hacks Result From Compromised Credentials Or Passwords

A report conducted by Verizon in 2020 found that 80% of successful cyberattacks happened after hackers uncovered usernames and passwords.

Small businesses are most frequently targeted with phishing emails and hackers will use credential stuffing to discover the necessary credentials. 

It only takes one employee to accidentally give out a password, allowing hackers access.

They can use this to access the rest of the business systems and steal data or even corrupt it. 

One of the best ways to prevent this is to insist on dual-factor authorisation when logging in.

This means a code is sent to your cell phone or the login process needs a fingerprint or facial ID. 

Using dual-factor authentication makes it virtually impossible for a hacker to gain access to the system. Yet, only 20% of SMBs have currently implemented this security protocol. 


How To Protect Against Data Breaches

Data Breaches 153

Small businesses need to recognize that cybersecurity is important and that, in many cases, they are more likely to be a target than larger businesses.

That’s why it’s important that all SMBs take steps today to protect themselves against data breaches.


Hackers will always exploit the weakest link. In this instance it’s usually employees.

They are the ones most likely to fall for a phishing email or something similar, and provide the cybercriminal with the access details they need.

The best way for small businesses to prevent this from happening is to ensure all staff are fully trained in respect of cyber crimes and the methods cybercriminals adopt. 

The training needs to be updated regularly, it’s significantly cheaper than dealing with a data breach. 

Strong Passwords

Weak passwords can be easily cracked by a jacker. All employees should have strong passwords.

That’s ones which are at least 12 characters long and use upper and lowercase letters, along with numbers and symbols. 

Alongside this, you should install a password manager, such as NordPass, which all employees can use.

This won’t just store the passwords safely, it will generate passwords, ensuring everyone is unique. 

The Right Software 

Of course, small businesses should also invest in high-quality firewalls, anti-virus, anti-malware, and even secure cloud storage. 

Investing in the right software will help to keep your company data safe.

It’s a worthwhile investment, just remember to update it regularly. 

Summing Up

The small business statistics show a clear picture, date breaches are increasingly common.

Worse, small businesses are a popular target. This trend is highly likely to continue, meaning your business is likely to be a target in the near future. 

If you run a small business and are targeted, there is a good chance it will close your business, it’s very difficult and costly to recover from a data breach. 

The good news is you can install software, create strong passwords, and train employees.

Doing this today could save you a big headache tomorrow.

Best of all, it’s easier than you think to sort your computer security and protect your data. 


VerizonCyber Security VenturesStrongDM