25+ Small Business Cyber Attack Statistics & Numbers (2024 Update)

Cyberattacks pose a significant threat to small businesses, severely affecting their operations and profits.

But just how bad can these cyber attacks get for small businesses?

With that in mind, we’ll cover eye-opening small business cyber attack statistics to show why strong cybersecurity is a must for every business.

Small Business Cybersecurity Statistics: Key Numbers

  • On average, 43% of cyber attacks target small businesses. 
  • Cybercrime increased by 600% due to COVID-19 pandemic.
  • 60% of small businesses shut down within six months of a cyberattack.
  • Nearly 40% of small businesses reported data loss due to a cyberattack 
  • 82% of ransomware attacks are aimed at small businesses.
  • 1 in 323 emails received by SMBs is malicious.
  • A data breach costs an average of $3.31 million for small businesses with fewer than 500 employees.
  • 95% of cybersecurity breaches are attributed to human error.
  • The cost of 95% of cybersecurity incidents at SMBs ranges from $826 to $653,587.
  • 5% to 20% of overall IT budgets are dedicated to security by small and medium-sized businesses.
  • 43% of small to medium-sized businesses lack a recovery plan for a cybersecurity incident.
  • 50% of small businesses take 24 hours or more to recover from a cyberattack.
Looking to 2023, what is your biggest concern related to security

Source:(Verizon, BM’s 2023 Cost of a Data Breach Report, Astra Security, Symantec, University of Maryland Francis King Carey School of Law, UpCity )


Small Business Ransomware Statistics

  • 85% of all ransomware targets are small businesses.
  • The average cost of a ransomware attack is $26,000.
  • Over the last year, US small businesses have paid more than $16,000 in ransoms.
  • The number of businesses subjected to ransomware attacks increased by more than 27% in the last year.
  • 37% of companies hit by ransomware had under 100 employees.
  • 5% of SMBs fell victim to ransomware between 2016 and 2017.
  • Manufacturing was the top industry targeted by ransomware attacks.
Industry sectors worldwide frequently affected by industrial ransomware incidents in 2023, by number of attacks

Sources: (Veeam’s 2023 Data Protection Trends Report, BitDefender, Statista, Linkedin, Thales Group, Small Business & Entrepreneurship Council, Verizon 2023 Data Breach Investigations Report)


Small Business Cyber Attack Resulting Damage Statistics

  • The average ransom payment has risen to $2 million, compared to $400,000 in 2023.
  • 60% of small businesses hit by a cyber attack shut down within six months..
  • 51% of small businesses report that their website is down for 8–24 hours after an attack.
  • After a cyber attack, 50% of small businesses take at least 24 hours to recover.
  • Nearly 40% of small businesses lose critical data due to a cyber attack.
  • 42% of small businesses hit by a cyber attack suffer a financial loss.
  • 32% of small businesses lose customer trust after a cyber attack.
Most Frequently Encountered Consequences of Cyber Attacks on Small Businesses

Sources: (Linkedin, Astra Security, BM’s 2023 Cost of a Data Breach Report, Bitdefender, State of Ransomware 2024)


Cost of a Cyber Attack on Small Business Statistics

  • On average, a cybersecurity incident costs SMBs $826 to $653,587.
  • Cyber attacks cause an average loss of $25,000 for small and medium-sized businesses (SMBs).
  • 500% jump in ransomware payments was recorded in the previous year.
  • SMBs pay an average of $52,000 for each DDOS incident.
  • Businesses with less than 500 employees typically incur $2.98 million per data breach.
  • $165,520 is the average recovery cost for companies earning less than $10 million a year after a ransomware attack.
Longtail Cost of Cyber Attacks

Sources: (Verizon, Business News Daily, Congress.gov, State of Ransomware 2024, Kaspersky, Tech Heads)


SMB Cybersecurity Preparedness And Response Statistics

  • 14% of small businesses say they are prepared to defend themselves against cybersecurity threats.
  • SMBs spend between 5% and 20% of their total IT budget on security.
  • An average business recovery time after an attack is 279 days.
  • Following a cyber attack, 29% of businesses immediately hire professional cybersecurity help or increase their in-house IT staff.
  • 83% of SMBs aren’t prepared to handle the financial fallout of a cyber attack.
  • 54% of businesses admit their IT departments lack the experience to deal with complex cyberattacks.
Proportion of companies that had to navigate cyber secutity incident in the past

Sources: (Insurance Journal, SBA, Tealtech, Astra Security, NinjaOne, Cyber Security Awareness)


Business Email Compromise Statistics

  • There are 15,208 business email compromises per year on average (data from 2013 to 2021).
  • Business email compromises cost an estimated $8.6 billion per year.
  • Business email compromise fraud costs $43 billion between 2016 and 2021.1
  • Between July 2019 and December 2021, the number of business email compromise (BEC) attacks increased by 65%.
  • 77% of organizations experienced business email compromise attacks, an 18% increase from 2020.
  • Cybercriminals are also using company names (68%), names of individual targets (66%), and boss/managers’ names (53%) in their spear phishing emails.
  • According to the Federal Bureau of Investigation’s 2021 Internet Crime Report (IC3), they received 19,954 reports of business email compromise (BEC).
Number of seen business email compromise (BEC) scam attempts worldwide from 2017 to 2020

How Much Do Cyber Attacks Cost Businesses

Cyberattacks cost businesses an average of $200,000 per incident, according to a recent study from Hiscox and a report from CNBC that we gather data from.

How Much Do Cyber Attacks Cost Businesses?

Cyber attacks are costly because they often lead to data breaches, which can damage a company’s reputation and result in financial losses. In addition, cyber attacks can cause business interruption, leading to lost revenue and additional expenses.

As a result, businesses need to be prepared to respond to cyber-attacks quickly and effectively. They also need to invest in cybersecurity measures to help prevent attacks from happening in the first place.

Leave a Reply