Small Business Cybersecurity Statistics in 2025
Posts by Kelly Indah, July 1, 2023
There are approximately 8 billion people in the world and, as of 2023, over 5 billion of them have access to the internet.
That’s over 60% of the population.
The figure has increased year after year but surged recently thanks to the global pandemic.
For a business to operate successfully in the modern marketplace, it needs to be online, reaching all these potential customers.
Unfortunately, being online also poses risks, as data has become potentially more valuable than money.
Cybercriminals hack systems in order to take data and sell it on the dark web.
They even use the data to access funds and steal identities.
In short, every business needs to protect itself and the data it holds.
As the following small business cybersecurity statistics show, that applies to all businesses, not just large ones.
If you’re one of the small businesses without any cybersecurity measures in place, you’ll appreciate the need for them after reading the following:
Key Statistics
- 60% of small businesses close within 6 months of a cyberattack
- 40% of small businesses lost essential data in a cyberattack
- 61% of SMBs experienced a cyberattack in 2021
- 43% of all data breaches are from small businesses
- 37% of successful ransomware attacks were on small businesses with less than 100 employees
- One in 323 emails received by small businesses is malicious
- 55% of US citizens would stop doing business with a company after a data breach
- 51% of SMBs have no cybersecurity
- 18% of attacks on small businesses were via malware
- 25% of small businesses lost funds in a cyberattack
Top Small Business Cybersecurity Statistics in 2025
1. 60% Of Small Businesses Close Within 6 Months Of A Cyberattack
Cyberattacks are designed to steal data. Hackers are after financial data from the business and customer details.
These can be used to extract funds from the business and individuals.
The data can also be sold on the dark web.
All of this generates funds for the cybercriminals and could cost the business money.
However, the bigger issue is the loss of trust. Over fifty percent of customers would take their business elsewhere after a cyberattack.
That’s a significant loss of revenue for the business.
Studies show that, between the loss of earnings and the cost of upgrading cybersecurity, small businesses can lose as much as $690,000.
Medium-sized businesses can lose in excess of $1 million.
For 60% of small businesses, these costs, alongside the struggle to maintain customer levels, are enough to put the company out of business.
(National Cyber Security Alliance)
2. 40% Of Small Businesses Lost Essential Data In A Cyberattack
The Bullguard 2021 report showed that 40% of small businesses lost crucial data during a cyberattack.
It’s irrelevant whether the attack was a ransom demand or simply a data grab.
In 40% of cases small businesses lost data that could be considered critical to their operation.
In some cases the data simply went missing, in others it was corrupted or not returned after a ransom demand was paid.
No matter the reason, it’s embarrassing for the business and will cost any company customers.
(Bullguard)
3. 61% Of SMBs Experienced A Cyberattack In 2021
The 2022 data breach report from Verizon highlighted the number of small businesses which have been the victims of a cyberattack.
Nearly two-thirds of small businesses have been attacked.
Not all attacks were successful. However, if you’re a small business without cybersecurity, the attack will certainly get into your system and cause you issues.
The statistic is higher than in previous reports, suggesting that hackers are increasingly targeting small businesses. It’s a trend that looks likely to continue into the future.
(Verizon)
4. 43% Of All Data Breaches Are from Small Businesses
A recent Accenture study showed that nearly half of all cyberattacks are directed at small businesses.
This staggering fact illustrates why all small businesses need to be prepared for an attack.
It should be of particular concern for the 56% of small businesses (according to CNBC) which don’t feel an attack is of concern to them.
Small businesses generally make easier targets and several businesses can yield as much data as a large business.
It’s time SMBs took cybersecurity more seriously.
(Accenture)
5. 37% Of Successful Ransomware Attacks Were On Small Businesses With Less Than 100 Employees
Many smaller businesses feel they are too small to be of interest to cybercriminals. However, for various reasons, this is no longer the case.
The study found that 82% of ransomware attacks were targeted at companies with less than 1,000 employees.
Furthermore, more than a third of all attacks, at 37%, were against small businesses with under 100 employees.
Ransomware attacks can destroy a small business.
However, the majority of these attacks are via RDP compromise. In other words, the hackers get in with an administrator’s password.
Adopting a strong password policy and using a reputable password manager, such as NordPass, is the best way to prevent these attacks from being successful.
(Verizon)
6. One In 323 Emails Received By Small Businesses Is Malicious
It may not sound like a lot, but one in 323 emails received by small businesses is malicious.
That’s businesses with 250 employees or fewer.
This rate is significantly higher than for larger businesses!
The key to understanding this statistic is in how many emails you receive daily.
The average employee is said to get 121 emails a day.
That means that, if you have three employees, you can expect about one malicious email a day on average.
It only takes one email to be opened or a link clicked on to allow the cybercriminals their opening.
(Symantec Security Center)
7. 55% Of US Citizens Would Stop Doing Business With A Company After A Data Breach
This statistic should be one of the biggest concerns for all businesses. A data breach means you’ll potentially lose over half of your customer base.
A large business may be able to cut costs and rebuild the business over several years.
Smaller businesses won’t have the financial backing to make this a possibility. Instead, they are likely to fail within 6 months.
Unfortunately, data breaches must be disclosed.
In short, not taking cybersecurity seriously means you’re more likely to be the victim of a cyberattack and will lose a large proportion of your customers.
(Verizon)
8. 51% Of SMBs Have No Cybersecurity
A survey by Digital.com in March 2022 discovered that 51% of small businesses have no cybersecurity measures in place.
In other words, they are completely open to attack.
These businesses effectively have an open door for cybercriminals.
The survey looked at businesses with fewer than 500 employees. The good news was that 42% of respondents confirmed their business had cybersecurity.
Twenty-one percent of the businesses asked were busy installing cybersecurity, helping to protect them from future attacks.
(Digital.com)
9. 18% Of Attacks On Small Businesses Were Via Malware
Malware attacks consist of emails, websites, and even apps.
All of them have a link which allows you to access or download something amusing or relevant to your business.
The message and the link don’t generally seem harmful.
However, once you click the link you’re allowing malware to be installed on your system. You won’t see it being installed but it will start working straight away.
Malware can record everything you type or simply start bombarding your system with adverts, slowing it and even making it impossible to use.
It’s a nuisance and can be an expensive issue. A staggering 18% of cyberattacks use the malware format.
It’s the most common approach when targeting SMBs.
Malware attacks are closely followed by phishing attacks, which make up 17% of attacks.
Website hacking comes in third with 16%, DDoS fourth with 15%, and ransomware trickles in at fifth, covering 10% of attacks.
(Verizon)
10. 25% Of Small Businesses Lost Funds In A Cyberattack
A cyberattack can result in your data being encrypted and the hackers demanding a ransom.
It can also provide hackers with an opportunity to steal your financial data.
This can then be used to remove money from the business account.
If the business doesn’t have cyber insurance the funds lost will need to be covered by the business itself.
The latest Verizon survey discovered that, in 25% of cases, small businesses lost their own funds and were unable to claim them back.
(Verizon)
Why Are SMBs Being Targeted?
It would seem natural for cybercriminals to target large businesses, since that’s where the big gains are to be had.
However, the number of SMBs being targeted is steadily increasing.
Small businesses are now more likely to be targeted than large ones. Here’s why:
Exposure
If a cybercriminal manages to cause a data breach at a large business then the story will be across the news.
That means there will be plenty of attention from law enforcement, and the news reporters are unlikely to let the story go easily.
In short, the hacker will attract a lot of attention, they’ll have to lie low, and the likelihood of them being detected is much higher.
The risks are much lower when targeting a small business.
Fewer people are interested in the news, making it easier for the cybercriminal to disappear and evade capture.
Ease Of Access
Because many small businesses don’t take cyberattacks seriously they don’t have high-quality cyber security.
Hackers will easily find a way into the system and can then extract data as they please.
It’s significantly easier and faster than working through several layers of security while trying to access the data of a large company.
Rewards
There is little doubt that big businesses provide large amounts of data and, therefore, the potential for a big cash payout.
However, small businesses can also offer a significant amount of data and funds.
More importantly, because a cybercriminal can access multiple businesses at the same time, the rewards are still impressive.
In fact, it’s possible to earn more from several small businesses than it is from one successful hit on a large business.
Protecting Your Business
Small businesses don’t generally have a huge number of employees, especially those with access to the system.
The simplest way to protect your business is to talk to these employees and train them in the risks associated with cyberattacks.
Specifically, you should discuss attack methods, such as phishing, and the importance of never sharing your login credentials.
Alongside this, if your business hasn’t already got security software, you need to get some.
A policy of only using strong passwords, coupled with a password manager, is a good start.
This should be followed by antivirus and anti-malware programs.
Add in a firewall and maintain staff training and you’ll have made it much harder for your business to be the victim of a successful cyberattack.
Summing Up
The truth is many small businesses prefer to bury their heads in the sand than face the reality that cyberattacks can and do happen.
Unfortunately, cybercriminals know this, which is a big part of the reason why they target small businesses.
The above small business cybersecurity statistics illustrate how serious this issue is.
It’s time all businesses, regardless of size, started to appreciate the importance of cybersecurity and worked together to protect each other.
The sooner you are proactive about protecting your business from cyberattacks, the better.