7 Shocking Statistics on Small Business Data Theft

According to the 2016 Internet Security Threat Report from Symantec, total online security breaches are up by 2 percent since 2014. Breaches with more than 10 million identities exposed rose by 125 percent, and 431 malware variants have been added in 2015.

These may not be alarming numbers if you’re an average online user. But to businesses – especially small, local ones – it could mean the difference between income and bankruptcy.

Everyday, hundreds to thousands of small businesses are exposed to email threats, malicious software, or spam bots. Intellectual property and trade secrets are compromised. Startups are forced to close due to leak in sensitive data.

If you’re a small business owner, it’s time to take data theft seriously. Here’s why.

1) 62 percent of data theft victims are small to mid-size businesses.

You may be thinking: why pick on small companies? They’re not lucrative and they hardly have any assets.

But to cybercriminals, it’s the TYPE OF DATA that matter – not organization size. Even little tech startups could hold delicious data such as customer contact details, credit card information, or intellectual property. Add the fact that most SMEs are not well-protected and the heist gets easier.

Small Business Data Theft

Now What? Include cyber security in your to-do list. Allot a budget just for this purpose. Don’t think that just because you’re a restaurant or a novelty shop that you won’t be at risk of data theft.

2) Small businesses shell out an average of $38,000 to recover from a single data breach.

Imagine where else you could be spending that amount: a company retreat, bonuses for your employees, cash to buy better equipment, etc.

But what is $38,000 for? Aside from system and infrastructure upgrades, this sum also goes to consultancy expenses as well as future breach prevention measures. Not to mention costs for damaged reputation.

Small Business Data Theft

Now What? It only takes a second for reputation to be ruined. Avoid losing current and potential clients by investing in regular system checks to ensure data safety. If your business doesn’t have an IT department, consider hiring a specialist. If you already have one, confirm that they are updated with the latest in data theft knowledge, prevention, and crisis management.

3) 40 percent of data breaches were caused by external intrusions.

External intrusions are third parties with access to your network OR employee personal devices connecting to company networks.

Access in the vendor or partner side for example, may not be as secure as your company’s. So even if you take extra precautions to keep information safe, if people you interact with don’t, you may still be compromised.

Another danger is employees constantly using personal devices in your network. If not monitored or controlled, they may be bringing in malicious apps without their knowledge.

Now What? Investing in secure networks, such as VPNs or Virtual Private Networks, is a good idea.


Basically, it keeps unauthorized users from accessing data while you connect to your company’s servers.

4) Companies worldwide lose as much as $3.5 trillion due to occupational fraud and abuse.

According to the Association of Certified Fraud Examiners (ACFE), occupational fraud refers to the ‘the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets’. Also known as internal fraud, this occurs inside the company and can often be difficult to detect.

But why does this happen? Sometimes, the people who work for you may feel corrupted or have a conflict of interest over time. Thus, they may use business property and/or information (such as copyright material or cash) for their own purposes.

Small Business Data Theft

Now What? One of the ways to prevent data theft by employees is to be particular about background checks. Do consult the SBA official website for a list of pre-employment background check basics.

5) 72 percent of businesses that suffer major data theft shut down within 24 months.

What’s even scarier is that some of these cyber security threats are not even due to hacking.

Several involve negligence in backing up data, or installing vulnerable applications. If a good chunk of sensitive information has been risked, it’s possible that trying to repair damages would eat up a huge amount of your budget.

Small businesses that are not able to gain back such losses could contribute to their early demise.

Small Business Data Theft

Now What? Have a separate fund for data theft emergencies. Ensure that you separate your business financial accounts from your personal finances. This practice helps keep track of transactions easily. Plenty of banks now offer real-time activity checks, so don’t forget to ask if your financial institution offers such services.

6) Targeted attacks increased by 91 percent and lasted an average of 3x longer.

Both large and small companies will always be at risk of data theft. However, as cybercriminals always upgrade their methods of attack, SMEs are at a higher danger due to lack of security measures.

If online assaults become stronger, it’s only logical for small businesses to be just as protected as larger enterprises. After all, both hold valuable amounts of data.

7) Good news: 22 percent of small businesses plan to increase cyber security in 2015.

More and more SMEs are realizing the significance of cyber security. Small businesses that are planning on boosting their online security measures are up from 15 percent in 2014. This initiative is most likely brought about by fears of malware and employee error.

Although anti-virus software and spyware detection services can help reduce these threats, investing and securing your IT infrastructure would better prevent future data theft.


Now What? If you’re planning on increasing cyber security plans this year, be sure to educate your staff – especially those who would be handling sensitive information. Employ concrete policies that everyone agrees with. Schedule standard training sessions to ensure employees are knowledgeable about recent threats. After all, they are your first line of defense.

Information is now the most valuable asset in the world. It doesn’t matter whether you’re a small business owner or a regular online user. Take the initiative to defend yourself from cybercriminals. As technology expands, cyber crimes are expected to grow in numbers, too.

Read more: Ticketfly Data Breach Impacts 26 Million User Accounts