Cybersecurity Breaches and Impacts

In an increasingly digital world, small businesses face significant challenges related to cybersecurity. The following statistics highlight the prevalence and financial impact of cyber incidents on these businesses.

1. 81% of small businesses reported suffering a security breach, a data breach, or both in the past year. (Identity Theft Resource Center)

2. AI-powered attacks were identified as a root cause in more than 40% of small business cyber events. (Identity Theft Resource Center)

3. In 2025, more than 80% of small businesses reported being victims of cybercrime. (Identity Theft Resource Center)

4. 62.5% of small businesses that suffered a breach reported a total financial impact of more than $250,000 in 2025. (Identity Theft Resource Center)

5. 36.7% of victims among breached small businesses faced costs exceeding $500,000. (Identity Theft Resource Center)

6. In 2025, only 38.4% of small business leaders felt 'very prepared' for a cyberattack, down from 56.5% in 2024. (Identity Theft Resource Center)

7. The implementation of critical security measures among small businesses declined from 33.6% in 2024 to 27.2% in 2025. (Identity Theft Resource Center)

8. 38.3% of small business leaders reported raising prices to address the financial impacts of a cyber incident. (Identity Theft Resource Center)

Business Perceptions and Preparedness

Despite the high risks, many small businesses still underestimate their vulnerability. Here are some insights into their perceptions and preparations regarding cybersecurity.

9. 57% of small and medium-sized businesses (SMBs) feel at a disadvantage compared to larger enterprises due to limited resources. (Verizon)

10. 50% of larger enterprises provide comprehensive AI risk training compared to 39% of small and medium-sized businesses. (Verizon)

11. 83% of small businesses plan to invest in cybersecurity in the next 12 months. (Clutch)

12. 58% of companies with fewer than 200 employees have faced a cyber attack. (Clutch)

13. 77% of small business leaders are concerned about phishing and impersonation scams powered by AI. (Clutch)

14. 13% of small businesses believe they are less vulnerable to cyber attacks, despite the risks. (Clutch)

15. 73% of small businesses have experienced a cyber attack. 75% of those attacks occurred within the past year. (Clutch)

Consumer Expectations and Reactions

Consumers have high expectations for the digital security of small businesses and are quick to react to breaches. The following statistics reveal consumer sentiments regarding data security in small businesses.

16. When faced with data breaches at both a large corporation and a small business, 1 in 3 (34%) Gen Z and Millennials say they would stop shopping with both entirely. (GoDaddy)

17. When faced with data breaches at both a large corporation and a small business, 27% of Gen X and Boomers say they would stop shopping with both entirely. (GoDaddy)

18. Most consumers (68%) expect small businesses to maintain the same level of digital security as large corporations or better. (GoDaddy)

Fraud and AI Concerns

Fraud remains a significant issue for small business owners, particularly with the rise of AI-driven scams. The following statistics underscore the concerns and actions being taken by small businesses.

19. Small business owners reported using specific methods to stay ahead of threats: multi-factor authentication (44%), transaction notifications (39%), and fraud alert services from credit bureaus (39%). (Abrigo)

20. Small business owners have a generally positive attitude toward AI-based fraud protection at 69%. (Abrigo)

21. 50% of small business owners report that their financial institutions use AI-powered fraud detection tools. (Abrigo)

22. Small business owners reported a higher ability to fully recover from fraud (83%) compared to non-owners (74%). (Abrigo)

23. 85% of small business owners said they are extremely, very, or moderately concerned about rising AI-driven fraud. (Abrigo)

24. 85% of small business owners report satisfaction with their bank or credit union’s response to fraud. (Abrigo)

25. 74% of small business owners are more likely to reduce their banking engagement, such as credit card use or bank use, if defrauded. (Abrigo)

26. 40% of small business owners have experienced AI-driven fraud personally. (Abrigo)

27. 37% of small business owners have had checks stolen from mailboxes, indicating check fraud is a challenge. (Abrigo)

28. More than 57% of small business owners (SBOs) have experienced fraud. (Abrigo)

29. Only 16% of small business owners feel extremely prepared against fraud. (Abrigo)

Investment and Resource Challenges

Many small businesses recognize the need for improved cybersecurity but face challenges in implementing effective measures. These statistics illustrate the gaps and barriers in investment and resource allocation.

30. Small and mid-sized businesses (SMBs) in the $4M-$8M range were the most frequently targeted. (Black Kite)

31. Less than half (49%) of SMBs intend to invest in cybersecurity technology. (Kinetic Business)

32. More than half (52%) of SMBs said they are not very confident in their ability to manage a cybersecurity threat. (Kinetic Business)

33. A majority (59%) of SMBs said their business needs to improve its cybersecurity and compliance in 2025. (Kinetic Business)

34. Over half of SMBs (52%) surveyed reported not having the resources to implement better security technology. (Kinetic Business)

Middle Market Insights

The middle market segment presents unique challenges and opportunities for small businesses, particularly in cybersecurity governance and risk management. The following statistics provide insights into this segment.

35. A smaller share of Canadian middle market firms indicate they don't have AI governance in place compared to U.S. respondents (5% versus 20%). (RSM US LLP)

36. Positive responses regarding familiarity with cyber insurance policy coverages among smaller middle market firms decreased to 51% from 66% last year. (RSM US LLP)

37. 12% of respondents from smaller middle market firms (with revenue between $10 million to less than $50 million) reported a breach. (RSM US LLP)

38. 15% of smaller middle market organizations reported at least one ransomware attack or request. (RSM US LLP)

39. 34% of smaller middle market companies noted that AI governance steps are not yet in place. (RSM US LLP)

40. Only 46% of larger and 37% of smaller middle market companies reported collaborating with external partners for coordinated resilience planning. (RSM US LLP)

41. Larger middle market companies were twice as likely than smaller middle market companies to suffer a breach in the past year. (RSM US LLP)

42. While most respondents from smaller middle market companies cited having 0-5 internal personnel focused on data security and privacy, 36% of larger middle market organizations reported having 6-10 employees and another 36% said they have 11-15 employees in this area. (RSM US LLP)

Ransomware and Threat Landscape

The threat of ransomware and other malicious activities remains a major concern for small businesses. The following statistics illustrate the extent of these threats and their implications.

43. Ransomware and data theft attempts accounted for nearly 30 percent of all Sophos Managed Detection and Response (MDR) tracked incidents for small and midsized businesses. (Sophos)

44. Over a third of all incidents involving intrusion into smaller organizations have systems on the network edge as the initial point of compromise. (Sophos)

45. Ransomware cases accounted for 70 percent of Sophos Incident Response cases for small business customers in 2024. (Sophos)