More than half of small businesses have had a cyber incident

Not only are small businesses targeted frequently, but three-fourths report being hit more than once.

Following an event, more than 40% of businesses needed one or two years to return to normal, while in excess of a quarter said it took three to five years to recover. (Credit: Bigstock)

Although small business owners might feel the size of their operations gives them immunity from cyberattacks, quite the contrary is true. Nearly 60% of small business owners have had data compromised, a security breach or both, according to a survey by The Identity Theft Resource Center (ITRC).

The survey also revealed that small businesses are frequently targeted, with 25% having had an incident in the past 12 months and 54% experiencing a cyber event during the past one-two years.

“The resources stolen by cybercriminals are the same resources needed to sustain or grow a business to keep families safe, healthy and financially secure,” Eva Velasquez, president and CEO of the ITRC, said in a release. “It is critical we share these eye-opening findings so everyone can better understand the impacts of identity crimes, particularly on people just trying to support their families and the families of their employees.”

Not only have more than half experienced an incident, three-fourths said they had more than one cyber event and one-third have had at least three, the center reported.

To recover from the events, 44% of small businesses spent $250,000-$500,000 to cover the costs, while 14% had to outlay $500,000 to $1 million. To cover these expenses, 36% of businesses owners had to incur debt and 34% raided cash reserves. Just shy of 30% turned to their cyber insurance to help cover the expenses.

Following an event, more than 40% of businesses needed one or two years to return to normal, while over 25% said it took three to five years to recover.

While most incidents are thought to be launched by hacker masterminds, ITRC found just 40% of breaches were a result of external threat actors. Malicious employees and contractors accounted for 35% of incidents, while remote workers were responsible for 25%. Third-party vendors, failure to secure cloud environments, software flaws and phishing schemes were also leading causes. Just 3% of data and security breaches were attributed to an unknown source.

Related: