
Cybersecurity Alert:
Critical Statistics Every Business Should Know 

Given the increased threats of cybercrime, unauthorized access, and identity theft, enhanced cybersecurity is crucial in today's digital landscape. It involves a comprehensive approach that includes leveraging technology, implementing best practices, adopting NIST SP 800-171 & CMMC, and implementing safety measures to defend against various cyber threats like phishing, malware, ransomware, and more. This is especially important for small to mid-sized businesses (SMBs).


These critical cybersecurity statistics should be a real eye-opener:

  • 82% of ransomware attacks in 2023 were against companies with fewer than 1,000 employees.

    • This is believed to result from a shift in tactics by cybercriminals who leverage ransomware. Attackers are turning away from mega-sized targets to focus on small or mid-sized companies, since the risk of exposure and arrest is generally not as great. Remote Desktop Protocol (RDP) compromise, which involves access to a system administrator or user password, is the most common break-in method in these types of attacks. Password managers are a popular tool to protect credentials and prevent RDP compromise.

  • 37% of those companies hit by ransomware had fewer than 100 employees.

    • This highlights an alarming trend in cybersecurity: smaller businesses are increasingly becoming targets for ransomware attacks. This trend can be attributed to several factors:

      • Perceived Vulnerability: Hackers often target smaller businesses because they may lack enhanced cybersecurity measures compared to larger enterprises. SMBs may not have dedicated IT teams or sufficient resources to invest in cybersecurity infrastructure, making them more vulnerable targets.

      • Ease of Exploitation: SMBs may not prioritize cybersecurity training for employees or implement security protocols effectively. This lack of awareness and preparedness can make it easier for cybercriminals to exploit vulnerabilities within their systems.

      • Potential for Profit: While larger companies may offer bigger payouts, SMBs are still lucrative targets for cybercriminals. Ransom demands within the financial reach of smaller businesses are more likely to be paid, increasing the profitability of targeting them.

      • Supply Chain Attacks: SMBs are often part of larger supply chains, serving as potential entry points for attackers to infiltrate larger organizations. Cybercriminals may target smaller companies with the goal of gaining access to their larger partners or clients.

      • Limited Resources for Recovery: Ransomware attacks can have devastating financial and operational consequences for SMBs, which, unlike larger enterprises, do not have greater resources for recovery and mitigation. Cyber attacks can be so costly that 50% of SMBs just can’t recover. (This is why cyber insurance is so critical.)

  • SMBs received the highest rate of targeted malicious emails at 1 in 323.

    • These threats, including phishing, spam, and email malware, are most commonly aimed at businesses with fewer than 250 employees. 1 in 323 emails to SMBs of this size is malicious, which is a lot considering the average office worker receives 121 emails per day.

  • Only 17% of SMBs have cyber insurance.

    • A survey of U.S. SMBs from late 2022 found that only 17% had insurance to cover costs in the event of a cyber breach. It also found that 48% of those companies did not purchase insurance until after an attack, and 64% of all respondents were not familiar with cyber insurance.

  • 61% of SMBs were the target of a cyberattack in 2023.

    • Not all of these attacks achieved their aim. But the high percentage of targeted businesses shows how attackers are going after SMBs.

  • SMBs experienced 350% more social engineering attacks than larger companies in 2023.

    • Social engineering attacks, including phishing, baiting, quid pro quo, pretexting, and tailgating, rely on human interaction and psychology to get targets to break normal security rules and practices. SMBs are particularly vulnerable. Those with fewer than 100 employees receive 350% more threats than larger companies. CEOs and CFOs are popular targets, as are executive assistants with access to the accounts of high-level company members.

  • 95% of cybersecurity incidents at SMBs cost the company between $826 and $653,587 and up.

    • Costs can spiral due to downtime, lost business, emergency solutions, legal and regulatory fines, etc. SMBs are frequently without emergency funds or insurance to cover the expenses.

  • If you are hit with ransomware, DO NOT PAY THE MONEY.

    • Many times when an SMB does pay the ransom, there’s no guarantee you will get back your data and your customers’ data. The majority do not get their data back. Plus, you would be funding the attackers’ ongoing nefarious activities.


To help your business navigate these previously uncharted waters, Bluestreak Compliance™ has CMMC Registered Practitioners and Registered Practitioner "Advanced" on staff, ensuring expertise and proficiency in CMMC compliance and cybersecurity practices, with discounted rates for SMBs.

Let us help you secure your data and secure your future.

Joe Coleman Photo