23 Cybersecurity Stats Your Small Business Needs to Know

Billions of people are affected by data breaches and cyberattacks every year. Over 760 million attacks happened in just a three-month span last year.

If you're not doing everything you can at your small business to educate and prepare yourself and your staff, we’ll explain why you probably should be.

Thanks to our partners at ThinkHR, and Michael Osterman of Osterman Research, our latest webinar revealed some of the top cyber risks to keep on your radar.

Osterman Research conducted a recent study of IT decision makers and influencers. These were the top concerns they listed as threats to their organization:

  1. A breach of sensitive/confidential data – 68 percent
  2. Phishing attacks – 68 percent
  3. Spearphishing/CEO fraud attacks – 68 percent
  4. Ransomware attacks – 62 percent
  5. Targeted attacks/zero-day exploits – 55 percent
  6. Malware infiltration through HTTPS/SSL web traffic – 50 percent
  7. Endpoints compromised by botnets – 43 percent

Other concerns listed included: account takeover attacks, ‘shadow IT’ (employees using unauthorized cloud apps and services), malvertising, cryptocurrency mining malware being installed on your internal PCs or servers, drive-by attacks, use of CPU by cryptocurrency miners when users visit websites, and employees surfing websites that violate corporate policies.

In short, there are a lot of potential risks out there.

Osterman further explained just what can (and does) go wrong in organizations:

  • Users click on a phishing link or attachment, infecting an endpoint with malware that can steal files, log keystrokes, mine for cryptocurrencies, or infect one or more endpoints with ransomware.
  • Users believe a spearphishing email and wire funds to a cybercriminal.
  • Users mistakenly send an email to the wrong party.
  • Users maliciously send files to a competitor.
  • Users visit a website or click on a malicious advertisement that could infect an endpoint.
  • Login credentials get stolen.
  • Email accounts get taken over.
  • Departing employee deletes or steals files.
  • A cloud service gets compromised, resulting in a data breach.
  • Users inadvertently leak sensitive data through social media or text messaging.
  • Users lose a mobile device or laptop.
  • Users send confidential information without encrypting.
  • IT allows users to employ their own devices without ensuring the devices are secure.
  • Users enable physical access.

The recent study by Osterman Research discovered what actually has gone wrong in certain organizations. Here's what the research found:

  1. Twenty-seven percent reported a phishing attack was successful in infecting systems on their network with malware.
  2. Twenty-five percent say a targeted email attack launched from a compromised account successfully infected an endpoint with malware.
  3. Twenty-five percent said sensitive and confidential information was accidentally leaked through email.
  4. Twenty-three percent say a targeted email attack from a compromised account successfully stole a user’s account credentials.
  5. Twenty-two percent reported one or more endpoints had files encrypted because of a successful ransomware attack.
  6. Twenty-one percent relayed that malware had infiltrated their internal systems (but they were unsure through which channel).
  7. Nineteen percent said one or more of their systems was successfully infiltrated through a drive-by malware attack from an employee’s web browsing.
  8. Seventeen percent said an email sent as part of a CEO fraud attack successfully tricked one or more senior executives in the organization.
  9. Seventeen percent indicated that a fileless/malwareless attack reached an endpoint.
  10. Fifteen percent said an account takeover-based email attack was successful.
  11. Over eight percent reported sensitive and confidential information was accidentally or maliciously leaked through a cloud-based tool like Dropbox.
  12. Over seven percent said a targeted email attack was successful in infecting one or more senior executives’ systems with malware.
  13. Close to six percent said sensitive and confidential information was accidentally or maliciously leaked through a social media/cloud application.
  14. Close to six percent reported that sensitive and confidential information was leaked, but they are unsure how it happened.
  15. Just under five percent said that sensitive and confidential information was maliciously leaked through email.
  16. Interestingly, 34.6 percent indicated that none of the above had happened in their organization. But as Osterman explained, many organizations don’t even realize that an attack has occurred until sometimes months later. And oftentimes, some businesses don’t necessarily feel the most comfortable actually admitting that something has happened.

Cybercriminals just keep getting smarter, their funding is getting larger, and there are more points of vulnerability opening in today’s digital world. Cyber risks are vast, but you (as a small business owner or HR professional) are the first line of defense.

Creating alternate means of communication, implementing security, encrypting wherever you can, and employing multi-factor authentication are all great steps in warding off cyber risks.

Equip your staff with knowledge and stay compliant.

With PrimePay’s HR Advisory Advanced solution, you’ll get access to hundreds of employee training courses to implement – including one on cybersecurity. Not to mention, you can use federal and state handbook builders and chat with live advisors and receive written follow-ups on complex issues.
