Cybersecurity is a critical concern for businesses of all sizes, but small and medium-sized businesses (SMBs) are particularly vulnerable to attacks. SMBs are often targeted by cybercriminals due to their weaker security systems and lower awareness of cybersecurity risks. 

In this blog, we’ll discuss eight cybersecurity statistics that SMBs must know in 2023, as well as some best practices they should implement to keep their organization safe.

SMB Cybersecurity Statistics

By understanding current cybersecurity statistics, your organization can reduce the likelihood of future attacks, get more value from its ongoing cybersecurity efforts and learn which measures may be worth implementing. 

Before we dive into statistics, however, it’s important to note that the size of an SMB can range anywhere from 25 to 1,000 employees. Similarly, the definition of a cybersecurity intrusion can be quite broad depending on the source; an intrusion can be anything from a single phishing email to a company-wide data breach. 

With that in mind, here are eight statistics that all SMBs should be aware of in 2023: 

1. 70 to 83% of SMBs are not prepared for a cyberattack [1]

Even though the threat of cyberattacks has steadily increased, most SMBs are generally not financially prepared for an attack, nor are they concerned about being a potential target. 

2. Over 80% of all security incidents are due to unpatched vulnerabilities [2]

An unpatched vulnerability is a known flaw in an application or system that has not yet been addressed by applying the available update or patch. If such a vulnerability is exploited, it can lead to a compromise of the affected system.  

Many of these vulnerabilities and incidents can be traced to missing controls that modern security approaches, such as applying Zero Trust principles and using modern anti-malware software, would have provided. 

3. Over 80% of organizations experiencing a Business Email Compromise (BEC) did not have Multi-Factor Authentication [2]

Business Email Compromise (BEC) is a form of targeted phishing, or spear phishing, whose objective is to trick employees into taking harmful actions, such as sending money to the attacker.

Implementing MFA makes it more difficult for a threat actor to gain access to information systems, such as remote access technology, email or billing systems, even if passwords are compromised through phishing attacks or other means. 

4. The average time it takes for an SMB to recover critical systems from an encrypting malware attack is 7 days [3]

Ransomware is a form of malware that encrypts a victim’s files and prevents access until a ransom payment is made. Recovery typically takes a few days to a week, but can take months, depending on the size and complexity of an organization’s IT infrastructure. 

Having a well-thought-out backup and recovery plan in place can help your organization minimize downtime from an encrypting malware attack.

5. The average cost for full recovery of a typical on-premise SMB server environment can reach up to $100,000+ [3]

The costs associated with a cyberattack can vary greatly, but are inarguably significant: 

Cost to investigate, remediate and repair the environment 

Even if good backups are in place and the attack is caught early, the cost of a typical attack against an SMB ranges from $10,000 to $50,000 or more. This includes the cost of investigating the scope of the attack, as well as remediating and repairing the environment by restoring services. 

Cost of the penalty or fine 

If your organization's data is subject to HIPAA requirements or FTC standards, a cyberattack may also bring a penalty or fine that you must pay.  

These fines depend on the type of data and the scope of the incident, but often range anywhere from $10,000 to $100,000 or more. Often, organizations faced with these penalties failed to conduct an accurate and thorough risk analysis, implement appropriate audit controls and notify the affected individuals in a timely manner. 

Cost of the ransom itself 

The third cost that is often associated with cyberattacks is the ransom itself. A ransom payment is the result of an attacker getting into your organization’s environment, encrypting files and successfully blocking the recovery of the existing data by destroying backups.  

Ransom payments can range anywhere from $100,000 to $1M or more, depending on the size of the SMB, the scope of the incident and the payout the attacker believes the organization can afford. Ransom demands are typically calculated as a percentage of the target company's annual revenue (usually around 3%). 

6. 48% of organizations rank ransomware and targeted threats as their number one concern for 2023 [2]

Ransomware schemes have continued to evolve and grow each year, and they show no sign of slowing down. Microsoft's Digital Defense Report indicated that 50% of Microsoft cybersecurity recovery engagements were related to ransomware in 2022.

The most frequently observed factors contributing to weak protection against ransomware were weak identity controls, ineffective security operations and limited data protection. 

  • 88% of impacted organizations did not employ Azure Active Directory best practices. 
  • 68% of impacted organizations did not have an effective vulnerability management and patch management program. 
  • 60% of impacted organizations did not use Endpoint Detection and Response (EDR). 

7. Security spending by SMBs is projected to grow faster than that of any other business segment, at a rate of 10% annually by 2025 [4]

Organizations have experienced an increase in the number of data security attacks since the initial outbreak of COVID-19, and there’s been a dramatic rise in the number of employees working remotely. 

While an increase in remote work has brought many benefits, such as greater flexibility and work-life balance, it has also made it more challenging for IT departments to control their organization’s IT environment and cybersecurity measures. 

SMBs’ cybersecurity investments have largely been influenced by increasing security breach concerns and remote environments, leading to a projected increase in spending on cybersecurity solutions in the years to come.

8. Cybersecurity insurance premiums have seen a 22% year-over-year increase [3]

Growing demand, large payouts from ransomware attacks and ineffective cybersecurity hygiene are a few reasons why cybersecurity insurance premiums have skyrocketed year after year. 

Although no cybersecurity protection approach is foolproof, implementing best practices can help keep your cybersecurity insurance rate increases reasonable.

Cybersecurity Best Practices

Attackers are modifying their methods as cyber defenses advance and more organizations are adopting a preventative strategy. But not all SMBs are properly equipped to handle cyberattacks. 

Here’s a list of top cybersecurity best practices to adopt to help keep your organization protected. 

Implement a Cybersecurity Plan 

If they don't already have one, SMBs must put a cybersecurity plan in place that outlines the steps they will take to prevent, detect and respond to cyberattacks. 

Not only should your organization have a plan in place, but all employees should be trained on how to identify and respond to cyber threats. This may include regular training on phishing attacks, password security and social engineering tactics. 

Continuous Vulnerability Assessments 

Cybersecurity experts have largely moved away from recommending a single annual vulnerability assessment. Instead, they recommend more frequent assessments and scanning to confirm that systems are properly secured and to reduce risk.  

Such an assessment identifies vulnerable systems, missing patches, misconfigured systems and unknown or unapproved devices on your network. 

Many attackers take advantage of known vulnerabilities in software, but by keeping software up to date SMBs can reduce the risk of being hacked. 
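The assessment described above, and the unpatched-vulnerability statistic earlier in the post, both come down to one reconciliation: what discovery found versus what the inventory approves and what the patch baseline requires. The Python script below is an added illustration of that reconciliation and is not code from the original post or from Loffler. The host records, MAC addresses, approved inventory, baseline versions and disallowed services are all constructed for the example; the version numbers are placeholders and are not taken from any vendor advisory.

```python
# Constructed sample data standing in for a discovery scan of a small office network.
SCAN_RESULTS = [
    {"ip": "10.0.1.10", "mac": "00:11:22:33:44:01", "hostname": "fileserver",
     "software": {"OpenSSL": "3.0.8", "Samba": "4.15.13"}, "services": ["smb", "telnet"]},
    {"ip": "10.0.1.11", "mac": "00:11:22:33:44:02", "hostname": "hr-laptop",
     "software": {"OpenSSL": "3.0.12"}, "services": []},
    {"ip": "10.0.1.57", "mac": "de:ad:be:ef:00:01", "hostname": "",
     "software": {}, "services": ["ssh"]},
]

# Approved asset inventory keyed by MAC address (constructed).
APPROVED_ASSETS = {"00:11:22:33:44:01": "fileserver", "00:11:22:33:44:02": "hr-laptop"}

# Minimum versions the organisation's own patch baseline requires (constructed placeholders).
PATCH_BASELINE = {"OpenSSL": "3.0.12", "Samba": "4.15.13"}

# Services the hardening standard says must never be exposed (constructed policy).
DISALLOWED_SERVICES = {"telnet", "ftp", "smb1"}


def version_tuple(version: str) -> tuple:
    """Turn '3.0.12' into (3, 0, 12) so comparisons are numeric, not lexical.

    A plain string comparison gets this wrong: '3.0.8' sorts after '3.0.12'.
    """
    return tuple(int(part) for part in version.split("."))


def assess(scan, approved, baseline, disallowed):
    """Return (kind, host, detail) findings for unknown devices, missing patches and exposed services."""
    findings = []
    for host in scan:
        label = host["hostname"] or host["ip"]
        # Unknown or unapproved device: seen on the network but absent from the inventory.
        if host["mac"] not in approved:
            findings.append(("unknown-device", label,
                             f"MAC {host['mac']} at {host['ip']} is not in the approved inventory"))
        # Missing patch: installed version is below what the baseline requires.
        for name, installed in host["software"].items():
            required = baseline.get(name)
            if required and version_tuple(installed) < version_tuple(required):
                findings.append(("missing-patch", label, f"{name} {installed} is below baseline {required}"))
        # Misconfiguration: a service the hardening standard forbids is exposed.
        for service in host.get("services", []):
            if service in disallowed:
                findings.append(("misconfiguration", label, f"disallowed service '{service}' is exposed"))
    return findings


def summarize(findings) -> dict:
    """Count findings per kind, which is what a recurring assessment trends over time."""
    counts = {}
    for kind, _, _ in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = assess(SCAN_RESULTS, APPROVED_ASSETS, PATCH_BASELINE, DISALLOWED_SERVICES)
    for kind, host, detail in results:
        print(f"[{kind}] {host}: {detail}")
    print(summarize(results))
```

Run on a schedule rather than once a year, the per-kind counts from `summarize` give a simple trend line: a rising `missing-patch` count shows the patch process slipping before any single finding is exploited.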

Backup Data Regularly 

In the event of a ransomware attack, having regularly backed up data can make the difference between a minor inconvenience and a major disaster. 

A restore is only as good as the most recent backup, so backups must be taken often enough that little data is lost on restoration. Implementing proper backup procedures is therefore essential for every organization. 

Implement Multi-Factor Authentication on All Systems and Accounts 

Implementing Multi-Factor Authentication is one of the most effective measures for reducing cybersecurity risk and is a recommendation that all security experts and major software vendors agree on. 

Organizations should enable MFA on outward-facing systems such as email, and on any critical system that handles sensitive data, such as private financial or healthcare information.  

Additionally, experts recommend MFA for internal administrator accounts as well, in both on-premise and cloud systems. Doing so limits the amount of access an attacker has if they get into your environment. 
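The BEC statistic earlier in the post and the recommendation above both rest on the same mechanism: a stolen password alone must not be enough to log in. The Python code below is an added example, not code from the original post or from Loffler. It implements the standard HOTP (RFC 4226) and TOTP (RFC 6238) one-time-code algorithms with the standard library and wires them into a hypothetical `Account`/`login` pair that requires both a password and a current code, and that refuses to accept a code that has already been used. The `Account` and `login` names are assumptions for the example; the 20-byte test secret is the one published in RFC 6238 for its test vectors.

```python
import hashlib
import hmac
import os
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, at_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the Unix time in 30-second steps."""
    return hotp(secret, int(at_time) // step, digits)


class Account:
    """Hypothetical user record: salted password hash plus the shared TOTP secret."""

    def __init__(self, password: str, totp_secret: bytes):
        self.salt = os.urandom(16)
        self.password_hash = hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 200_000)
        self.totp_secret = totp_secret       # in production, stored encrypted at rest
        self.last_counter = -1               # highest time-step whose code was accepted


def login(account: Account, password: str, code: str, at_time=None, window: int = 1) -> bool:
    """Grant access only when the password AND a fresh, unused one-time code are both correct."""
    at_time = time.time() if at_time is None else at_time
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), account.salt, 200_000)
    password_ok = hmac.compare_digest(candidate, account.password_hash)

    # Accept codes from neighbouring time-steps to tolerate clock drift, but never a
    # step at or below the last accepted one, so a captured code cannot be replayed.
    current = int(at_time) // 30
    accepted_counter = None
    for counter in range(current - window, current + window + 1):
        if counter > account.last_counter and hmac.compare_digest(
                hotp(account.totp_secret, counter), code):
            accepted_counter = counter

    # Both factors are always evaluated; a correct password alone is not enough.
    if password_ok and accepted_counter is not None:
        account.last_counter = accepted_counter
        return True
    return False


if __name__ == "__main__":
    secret = b"12345678901234567890"   # RFC 6238 test-vector secret, not a real credential
    user = Account("correct horse battery staple", secret)
    now = time.time()
    print("password + code :", login(user, "correct horse battery staple", totp(secret, now), now))
    print("replayed code   :", login(user, "correct horse battery staple", totp(secret, now), now))
    print("password only   :", login(user, "correct horse battery staple", "000000", now))
```

The replay check matters in the BEC scenario: a phishing page that captures a victim's password and current code gets one use of that code at most, and only within the same 30-second step.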

Integrate On-Premise and Cloud-Based Systems 

Having systems that are both on-premise and cloud-based can increase security risks, as well as lower user accessibility and usability. 

Implementing Zero Trust Access and Secure Access Service Edge (SASE) types of services allows an organization to bring its systems together for monitoring and management. Rather than treating them as disparate systems, these services consolidate logging and alerting data in one place. 

With that consolidated view, your organization can distinguish normal from abnormal activity and raise alerts where needed. 
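The benefit described above is easiest to see with two log sources that are unremarkable on their own and suspicious together. The Python script below is an added example, not code from the original post, from Loffler, or from any SASE product. It parses a constructed on-premise logon log and a constructed cloud mail-service log into one event format, sorts them into a single timeline, and applies two detections: a run of failed logons across both systems followed by a success, and a successful logon from outside a user's baseline networks. The log lines, user names, addresses and baseline networks are all made up for the example.

```python
import ipaddress
import json
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed on-premise logon records (key=value text, one event per line).
ONPREM_LOG = """\
2023-06-01T08:02:11Z ad-dc01 LOGON user=alice src=10.0.1.25 result=SUCCESS
2023-06-01T08:05:40Z ad-dc01 LOGON user=bob src=10.0.1.30 result=FAILURE
2023-06-01T08:05:52Z ad-dc01 LOGON user=bob src=10.0.1.30 result=FAILURE
"""

# Constructed cloud mail-service records (JSON, one event per line).
CLOUD_LOG = """\
{"time": "2023-06-01T08:06:10Z", "service": "mail", "user": "bob", "ip": "203.0.113.7", "status": "failure"}
{"time": "2023-06-01T08:06:30Z", "service": "mail", "user": "bob", "ip": "203.0.113.7", "status": "success"}
{"time": "2023-06-01T09:15:00Z", "service": "mail", "user": "alice", "ip": "10.0.1.25", "status": "success"}
"""

# Networks each user normally logs on from (constructed baseline).
BASELINE = {
    "alice": [ipaddress.ip_network("10.0.1.0/24")],
    "bob": [ipaddress.ip_network("10.0.1.0/24")],
}


@dataclass
class Event:
    """Common shape every source is normalised into."""
    time: datetime
    source: str
    user: str
    ip: str
    success: bool


def parse_time(text: str) -> datetime:
    return datetime.fromisoformat(text.replace("Z", "+00:00"))


def parse_onprem(text: str) -> list:
    events = []
    for line in text.splitlines():
        timestamp, host, _action, *pairs = line.split()
        fields = dict(pair.split("=", 1) for pair in pairs)
        events.append(Event(parse_time(timestamp), host, fields["user"], fields["src"],
                            fields["result"] == "SUCCESS"))
    return events


def parse_cloud(text: str) -> list:
    events = []
    for line in text.splitlines():
        record = json.loads(line)
        events.append(Event(parse_time(record["time"]), record["service"], record["user"],
                            record["ip"], record["status"] == "success"))
    return events


def consolidate(*streams) -> list:
    """Merge any number of normalised streams into one chronological timeline."""
    return sorted((event for stream in streams for event in stream), key=lambda e: e.time)


def detect(events, baseline, max_failures: int = 3, window: timedelta = timedelta(minutes=10)) -> list:
    """Raise alerts that only become visible once both systems' events sit in one timeline."""
    alerts = []
    recent_failures = {}
    for event in events:
        if not event.success:
            recent_failures.setdefault(event.user, []).append(event)
            continue
        failures = [f for f in recent_failures.get(event.user, []) if event.time - f.time <= window]
        if len(failures) >= max_failures:
            sources = sorted({f.source for f in failures})
            alerts.append(f"{event.user}: {len(failures)} failed logons across {sources} "
                          f"followed by a success from {event.ip}")
        networks = baseline.get(event.user, [])
        if not any(ipaddress.ip_address(event.ip) in net for net in networks):
            alerts.append(f"{event.user}: successful logon to {event.source} from {event.ip}, "
                          f"outside the user's baseline networks")
        recent_failures[event.user] = []
    return alerts


if __name__ == "__main__":
    timeline = consolidate(parse_onprem(ONPREM_LOG), parse_cloud(CLOUD_LOG))
    for alert in detect(timeline, BASELINE):
        print(alert)
```

Run against the on-premise log alone, the script raises nothing: bob's two failures never cross the threshold. Against the combined timeline it raises both alerts, which is the point of bringing the two environments into one view.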

Assessing and maintaining your organization’s IT environment can be stressful, but working with a trusted IT Solutions provider can help keep your organization protected from cyber threats.  

Contact Loffler and take advantage of our 2023 Cybersecurity Promotions today!


1. Forbes
2. Arctic Wolf
3. Loffler
4. Analysys Mason

Randy Anderson

Randy is a CISSP who leads the Cybersecurity and IT Consulting team at Loffler Companies. He is focused on applying his 25+ years of IT experience to help his clients measure, understand and manage information security risk through the vCISO managed consulting program.
