Small Business Cybersecurity in 2020: By The Numbers

Small business cybersecurity has never been a more active topic than in 2020. We're delighted to see the increase in attention on the needs of small businesses when it comes to cybersecurity, but we're concerned but what appears to be an accelerating trends that put small businesses at risk.  As we look back on 2020, here are some of the statistics that helped to drive our urgency around protecting as many small businesses as we can, as fast as we can.

Small Business Cybersecurity in 2020 - Key Statistics

1. 22% of small businesses have suffered a security breach due to a remote worker (source: Malwarebytes). When paired with the tremendous outflow of office workers from their traditional office environment, into their homes, this statistic is troubling.  It speaks to the new threat exposure that hackers have found attractive about the change in ways that we've done business since the outbreak of COVID-19.
2. 67% of small businesses said they'd devote more resources to cybersecurity (source: securitymagazine.com). Small businesses are already under tremendous economic pressure.  Many are struggling to survive.  However, in the face of all of the unique challenges that 2020 has brought forth, it's clear that small businesses view cybersecurity threats as one of their top concerns.
3. The average small business had 43 user profiles on the dark web (source: havocshield.com). One very practical way to guage the risk profile of small businesses, is to scan the dark web for employees who have user profiles on the dark web.  Meaning, employees whose usernames and/or passwords to at least one service they rely on, is circulating in dark web databases.  By that measure, times are tough, given this statistic.
4. Only 29% of small businesses require 2 factor authentication (source: themanifest.com). Whoa, this one surprised us! Most companies have readily-available access to require 2FA on the services that they rely on. With only 29% of small businesses reaping the full benefits of 2FA, the risk exposure to the rest is alarming.
5. NIST Has received 17971 new CVEs so far in 2020, as of December 26, 2020 (source: nist.gov). Small businesses rely on Windows, Mac, Android, iPhone, Office, and all of the other types of solutions that you'd expect.  Bad news: the inflow of CVEs from those and other systems maintained the trend we're all familiar with: hundreds of newly-documented vulnerabilities with each new week.
6. 28% of data breaches in 2020 involved small businesses (source: Verizon). The cost of trying to mitigate the damage of a data breach is enough to cause many small businesses to close their doors. So, the 28% of data breaches that involved a small business is something that should concern us all.
7. Ransomware attacks are up 20% (source: SonicWall). As we've mentioned on this blog numerous times in numerous ways, small businesses almost never have dedicated cybersecurity staff.  So, when a ransomware incident hits, they are often faced with trying to navigate the attack on their own, with no experienced personnel at their side.  The rate of increase in ransomware attacks stands to damage small businesses in an outsized way, even more than their larger counterparts.

It's clear that much work remains to be done in the years to come, to give small businesses the level of cybersecurity protection they deserve.  Small business cybersecurity will continue to be our focus at Havoc Shield, and if you know a small business that needs our help, we're glad to spring into action.