

10 Cybersecurity Statistics Show How SMB Risk is Changing

June 25, 2021

Cybercriminals are gunning for businesses of every size. In today’s booming dark web markets, the data that your business holds, including user records, financial information and identity documents, is a powerful lure for bad actors who want to make a quick buck and reuse it to facilitate even more cybercrime. But today’s risk atmosphere is especially dangerous for small and medium businesses (SMB). A record-breaking overall cybercrime rate combined with skyrocketing incident recovery costs and the challenges of securing a dynamic workforce have formed a perfect storm of risk. These SMB cybersecurity statistics illustrate just how dangerous this storm can be – and how you can protect your business effectively without breaking the bank.

Major SMB Cybersecurity Challenges


Insider Threats

For companies with a small staff, one insider threat is a major risk. The majority of insider threats are non-malicious, accidental flubs that can’t be helped. But unfortunately, not everyone on your team really has your best interests at heart. Altogether, insider threat data breach risk rose about 40% in 2020, tripling in the last three years – and malicious insider actions are responsible for almost 25% of confirmed breaches. This can hit SMBs disproportionately hard. With fewer hands on board, more people have a larger scope of work, and that means that more people have access to sensitive data and systems. Those outsize risks come with equally outsize consequences. According to IBM and the Ponemon Institute’s The Cost of Insider Threats Global Report 2020, the average cost of an insider threat to small organizations (500 employees or fewer) was $7.68 million.


Ransomware

Ransomware is the monster under the bed for cybersecurity teams. A favored tool of cybercriminals, ransomware is employed by nation-state threat actors as well as small-time gangs. This versatile weapon can be used to disrupt infrastructure like we recently saw with Colonial Pipeline as well as stop factory production, encrypt systems and steal data. An estimated 61% of organizations worldwide experienced a damaging ransomware incident in 2020, a 20% increase over the same period in 2019. A successful ransomware attack is inevitably an expensive, disruptive disaster, and the pace is not slowing down. Ransomware attacks in 2021 are already up more than 300% over the same period last year, beating 2020’s record-setting pace.


Phishing

Most of today’s nastiest cybersecurity incidents start with a phishing email. In fact, 90% of incidents that end in a data breach start with a phishing email. A huge increase in the volume of email trafficked since March 2020 has created a wealth of opportunity for cybercriminals to perpetrate phishing schemes, and they haven’t been idle. Phishing attacks can quickly turn into dangerous and expensive disasters like business email compromise (BEC), brand impersonation, credential compromise, ransomware and other malware. While many companies do engage in phishing resistance training, they often fail to refresh it often enough. Experts recommend that employees take 11 courses per year for maximum efficacy. Haphazard training often reflects a poor cybersecurity culture that enables bad behavior like sloppy email hygiene by employees. In a 2020 survey of 1,000 employees, a disturbing fact stands out: 96% of employees are aware of digital threats like phishing, but 45% click emails they consider to be suspicious anyway.

10 SMB Cybersecurity Statistics That Every Business Needs to Know

In a rapidly evolving threat landscape, it’s important to keep a few facts in mind when considering the best solutions to secure business systems and data. Here are 10 SMB cybersecurity statistics that every business needs to know.

As is clearly illustrated by our 10 SMB cybersecurity statistics above, today’s SMBs are facing new threats around every corner. Creating a healthy cybersecurity culture is essential for defending businesses from cybercrime. By making cybersecurity a priority and training everyone to recognize threats, you’re making every employee feel like they’re part of the security team too. This is especially important in a tumultuous threat landscape. In the last 12 months, the epic changes that businesses have faced serve as a strong illustration of why building a strong cybersecurity culture staffed by security-savvy employees can be a game-changer for SMBs in every sector. Maintaining agility, building cyber resilience and empowering staffers to pivot quickly in the face of new challenges should be every organization’s goal in 2021.



At the center of building that culture is phishing resistance training. The majority of today’s nastiest, most devastating cybercrimes are phishing-based. Getting your employees on board to fight back strengthens an organization’s cyber resilience dramatically. If just one employee spots and stops a phishing email because they’re invested in maintaining a strong defense, that can save a company millions of dollars as well as uncountable headaches in recovering from a cyberattack.

Secure identity and access management is also crucial for keeping systems and data safe. By adopting an access control solution that includes multifactor authentication (MFA), businesses can add strong protection against intrusion by hackers and credential thieves. An estimated 99% of password-based cybercrime can be stopped in its tracks just by adding MFA to your security plan. The other half of guarding against credential compromise is making sure that unpleasant password-based cybercrimes aren’t heading your way from the Dark Web. Using a real-time, always-on monitoring solution is a smart way to keep an eye on potential new dangers.

Now that you’ve reviewed some essential cybersecurity statistics, let us help you gain an edge against sophisticated cybercrime and strengthen your overall security by contacting us at 888.782.7003 or by emailing ask@optistartech.com today! To learn more, schedule a 15-minute consultation with one of our Senior IT Consultants so we can answer any questions you may have!

– ID Agent
