![10+ SMB Cybersecurity Statistics You NEED to Know in [year] 1 SMB Cybersecurity Statistics](https://increditools.com/wp-content/uploads/2023/06/Server-Message-Block-Hacker.jpg)
![Colin Tan](https://increditools.com/wp-content/uploads/2023/04/Colin-Tan-1-50x50.png)
10+ SMB Cybersecurity Statistics You NEED to Know in 2025
Posts by Colin TanJune 25, 2023
If you run a small or medium-sized business you may think that you’re less likely to be a victim of a cyberattack.
Unfortunately, the first thing these SMB cybersecurity statistics will show you is that you’re one of the most popular targets.
The simple truth is your budget and resources are probably already stretched and you’re focused on building your business.
That means cybersecurity takes a back seat.
In other words, small and medium-sized businesses are often an easy target and cybercriminals know this.
In order to properly protect yourself you need to appreciate the depth of this issue.
Key Statistics
- 46% of successful cyberattacks occurred to businesses with under 1,000 employees
- 61% of SMBs experienced a cyberattack in 2021
- 1 in 323 small businesses received malicious emails in 2021
- 55% of consumers Will stop using a business after a data breach
- 40% of small businesses lost crucial data thanks to an attack
- 51% of small businesses have no current cybersecurity
- 95% of data breaches are thanks to human error
- Just 14% of smbs are ready for a cyberattack
- Average cyberattacks cost between $826 and $653,587!
- An increase of 15% in cybercrime is expected next year
- Seven million data records are stolen every day
Top SMB Cybersecurity Statistics in 2025
1. 46% Of Successful Cyberattacks Occurred to Businesses With Under 1,000 Employees
The 2021 Verizon report studies the number of data breaches which have occurred during the year.
It noticed that 46% of data breaches were the result of successful cyberattacks on SMBs.
The report also highlighted how much these attacks are increasing.
For example, SMBs with under 250 employees experienced 34% of all successful cyberattacks in 2014.
This figure rose to 43% by 2015. Today, the range of attacks includes businesses with up to 1,000 employees.
Hackers have realized that these types of businesses are generally easier targets and the attack won’t get the same level of media coverage or law enforcement attention that a hack on a large business would.
(Verizon)
2. 61% Of SMBs Experienced A Cyberattack In 2021
The same annual report showed that not all cyberattacks are successful.
However, with 61% of cyberattacks directed at SMBs, it’s essential all businesses are well prepared.
It emphasizes how popular it is for cyberattackers to direct their attacks at SMBs.
You should note, the most common type of attack on small and medium-sized businesses is malware.
Eighteen percent of all attacks simply want you to click a link and allow the malware to be installed.
Phishing is a close second and is partly related to malware. Seventeen percent of all attacks are phishing emails.
(Verizon)
3. 1 In 323 Small Businesses Received Malicious Emails In 2021
Small businesses receive more malicious emails than any other type of business.
In fact, the Symantec Security report showed that most malicious emails, such as phishing and malware, are aimed at businesses with 250 employees or less.
The research showed one in 323 emails received by these businesses are malicious.
If you think that makes you safe, consider how many emails your business receives a day.
You’ll likely get more than 323 a week.
That means you’ll be getting at least one cyberattack a week.
(Symantec Security Center)
4. 55% Of Consumers Will Stop Using A Business After A Data Breach
Interestingly, most SMBs don’t rate cybersecurity as a top concern for their business.
Yet, four in ten of these businesses believe they will be the victim of a cyberattack within the next 12 months.
What’s most concerning about this is that the survey showed 55% of customers will look for alternate suppliers if the business suffers a data breach.
In short, the trust would be gone and so would the consumers.
That can have a serious effect on any business and should encourage you to take cybersecurity more seriously.
(CNBC/SurveyMonkey QuarterlySurvey)
5. 40% Of Small Businesses Lost Crucial Data Thanks To An Attack
The most recent Bullguard research survey shows that SMBs are increasingly at risk of cyberattacks.
Amazingly, nearly half of these businesses, a staggering 43%, have no cybersecurity defense plan.
The study found that 50% of SMBs took longer than 24 hours to recover from a data breach.
40% of these businesses lost data that was crucial to the running of the business.
This is true even in cases where ransoms have been demanded and paid. It’s rare for all the data to be recovered.
25% of businesses that experienced a data breach confirmed the attack cost them business.
This is in lost takings and reduced sales due to lower consumer confidence.
(Bullguard)
6. 51% Of Small Businesses Have No Current Cybersecurity
Cybersecurity is something that every business should think about, because any business can be targeted.
Yet, the 2022 Digital.com survey, which spoke to 1,250 SMBs, found that 51% of businesses had no cybersecurity measures in place.
In other words, they were vulnerable to an attack. The survey only looked at businesses with 500 or less employees.
More positive was the finding that 42% of businesses did have cybersecurity and 21% were developing cybersecurity, even if they currently had none.
(Digital.com)
7. 95% Of Data Breaches Are Thanks To Human Error
SMBs often worry about the cost of cybersecurity, especially when the business already has tight budgets.
It can seem easier and more cost-effective to take the risk.
Of course, this can be very costly if you do suffer an attack, significantly more than the cost of cybersecurity.
The good news is you can lower your risk of a successful attack by educating your staff.
The latest data shows that 95% of data breaches are due to human error.
That means staff have opened dubious emails and clicked on links they shouldn’t have.
(World Economic Forum)
8. Just 14% Of SMBs Are Ready For A Cyberattack
Despite 43% of cyber attacks being directed at SMBs, only 14% of these businesses are ready for a cyberattack.
Being ready means having trained their employees and adding various security protocols into their software systems.
The top four cybersecurity measures are firewalls, VPNs, password managers, and antivirus software.
The latest survey shows 38% of businesses are adding these into their current operating systems.
That makes it harder for cybercriminals and is likely to increase the odds of an unprotected SMB being targeted.
(Accenture)
9. Average Cyberattacks Cost Between $826 And $653,587!
The latest Accenture cybercrime survey noted the average cost of an attack on a business.
It ranges between $826 and $653,587.
The exact cost depends on what type of attack was launched and how severely the business was affected.
In other words, what data the attack was after.
All SMBs should think about this cost as any business facing a bill of over half-a-million dollars may struggle to survive.
Not being ready for a cyberattack can mean a successful attack and the subsequent closure of the business.
(Accenture)
10. An Increase Of 15% In Cybercrime Is Expected Next Year
Cybercrime has been increasing every year. That’s not surprising as the number of people using the internet is also increasing.
It’s also a lucrative revenue stream for cybercriminals. It’s estimated that there will be a 15% increase in cybercrime costs to businesses each year.
This will make the overall cost to businesses $10.5 trillion as soon as 2025.
(Verizon)
11. Seven Million Data Records Are Stolen Every Day
The latest Varonis data breach report showed that 53% of businesses didn’t encrypt sensitive files.
That meant any employee could see them.
While most employees wouldn’t do anything criminal with this data, it does mean it’s very vulnerable if a cybercriminal managed to hack an employee’s account.
Encrypting sensitive company data files would help to reduce the seven million data records which are stolen daily.
(Varonis)
Protecting Your Business
These SMB cybersecurity statistics should make it obvious that this is a serious issue.
The risk of attack will increase in the future and a breach can have catastrophic effects for your business.
In short, you need to take steps today to protect your business.
Training
The simplest and most cost-effective way to reduce” the risk of a successful cyberattack is to train your employees.
Training will ensure they are aware of the risks associated with clicking on unknown links, reading suspect emails, and even giving out passwords and other personal information.
All you need is a regular meeting to remind employees of the need for vigilance, especially when it comes to emails and links embedded into them.
Update/Upgrade Software
Of course, every SMB should also invest in high-quality software.
That means antivirus, antimalware, and any other systems recommended by your cybersecurity specialist.
Having the software isn’t enough. As cybercriminals are constantly finding new ways around the system, software firms are constantly creating patches and updates.
To help keep your system and data safe you need to download and install the updates as soon as they are received.
Data Encryption
SMBs often don’t think about how their data is stored. It’s simply saved in a program on your local computer.
Unfortunately, this makes it vulnerable as the computer can be hacked and the data stolen.
The best approach is to encrypt your data, ensuring only the intended end user can read it.
Alongside this, it’s a good idea to look at cloud data storage.
This will make it easier for you to access your information from anywhere in the world.
Cloud data storage providers generally encrypt data for you, helping to ensure hackers can’t read it.
Secure Your Network
Most SMBs use wireless networks, allowing employees to effortlessly connect online and communicate with colleagues and customers.
However, a large percentage of SMBs don’t use enough security on the wireless network.
It makes it very easy for anyone to hack into the network. Once in, they can start looking at records and stealing sensitive data.
Every SMB needs to ensure they have a strong wireless network password and that it’s changed regularly, including when an employee leaves.
Adding firewalls and spam/malware filters will also help.
Dual-Factor Authentication
This remains one of the best ways to secure access to any data. At the moment, cybercriminals are unable to bypass this system.
That’s why an increasing number of businesses are introducing dual-factor authentication into their software.
It can be used by employees and consumers.
Dual-factor authentication means you can’t get into your account without a code being sent to your mobile device.
As cybercriminals don’t generally have access to your mobile device they can’t replicate the code.
Summing Up
Cybersecurity is something that every SMB should be taking seriously.
Fail to plan for a cyberattack and you are likely to suffer one. It can mean the end of your business.
As these SMB cybersecurity statistics for 2025 show, any business can, and is, targeted.
To keep your data safe and maintain the trust of your customers, you need to invest in cybersecurity and staff training.
Don’t forget, SMBs are the most common targets of hackers because you have lower security and there will be less attention after a hack.
All SMBs need to take steps today to protect themselves.