
Critical Statistics Every Business Should Know


Cybersecurity Alert: Critical Statistics Every Business Should Know


Given the increased threats of cybercrime, unauthorized access, and identity theft, enhanced cybersecurity is crucial in today's digital landscape. It involves a comprehensive approach that includes leveraging technology, implementing best practices, adopting NIST SP 800-171 & CMMC, and implementing safety measures to defend against various cyber threats like phishing, malware, ransomware, and more. This is especially important to small to mid-sized businesses (SMBs).


These critical cybersecurity statistics should be a real eye-opener:

  • 82% of ransomware attacks in 2023 were against companies with fewer than 1,000 employees.

  • This is believed to result from a shift in tactics by cybercriminals who use ransomware. Attackers are turning away from mega-sized targets to focus on small or mid-sized companies, since the risk of exposure and arrest is generally not as great. RDP (Remote Desktop Protocol) compromise, which involves access to a system administrator or user password, is the most common break-in method in these types of attacks. Password managers are a popular tool to protect credentials and prevent RDP compromise.

  • 37% of those companies hit by ransomware had fewer than 100 employees.

  • This highlights an alarming trend in cybersecurity: smaller businesses are increasingly becoming targets for ransomware attacks. This trend can be attributed to several factors:

  • Perceived Vulnerability: Hackers often target smaller businesses because they may lack enhanced cybersecurity measures compared to larger enterprises. SMBs may not have dedicated IT teams or sufficient resources to invest in cybersecurity infrastructure, making them more vulnerable targets.

  • Ease of Exploitation: SMBs may not prioritize cybersecurity training for employees or implement security protocols effectively. This lack of awareness and preparedness can make it easier for cybercriminals to exploit vulnerabilities within their systems.

  • Potential for Profit: While larger companies may offer bigger payouts, SMBs are still lucrative targets for cybercriminals. Ransom demands within the financial reach of smaller businesses are more likely to be paid, increasing the profitability of targeting them.

  • Supply Chain Attacks: SMBs are often part of larger supply chains, serving as potential entry points for attackers to infiltrate larger organizations. Cybercriminals may target smaller companies to gain access to their larger partners or clients.

  • Limited Resources for Recovery: Ransomware attacks can have devastating financial and operational consequences for SMBs, which, unlike larger enterprises, lack greater resources for recovery and mitigation. Cyber attacks can be so costly that 50% of SMBs just can’t recover. (This is why cyber insurance is so critical.)

  • SMBs received the highest rate of targeted malicious emails at 1 in 323.

  • These threats, including phishing, spam, and email malware, are most commonly aimed at businesses with fewer than 250 employees. 1 in 323 emails to SMBs of this size is malicious, which is a lot considering the average office worker receives 121 emails per day.

  • Only 17% of SMBs have cyber insurance.

  • A survey of U.S. SMBs from late 2022 found that only 17% had insurance to cover costs in the event of a cyber breach. It also found that 48% of those companies did not purchase insurance until after an attack, and 64% of all respondents were not familiar with cyber insurance.

  • 61% of SMBs were the target of a cyberattack in 2023.

  • Not all of these attacks achieved their aim, but the high percentage of targeted businesses shows how attackers are going after SMBs.

  • SMBs experienced 350% more social engineering attacks than larger companies in 2023.

  • Social engineering attacks, including phishing, baiting, quid pro quo, pretexting, and tailgating, rely on human interaction and psychology to get targets to break normal security rules and practices. SMBs are particularly vulnerable. Those with fewer than 100 employees receive 350% more threats than larger companies. CEOs and CFOs are popular targets, as are executive assistants with access to the accounts of high-level company members.

  • 95% of cybersecurity incidents at SMBs cost the company between $826 and $653,587 and up.

  • Costs can spiral due to downtime, lost business, emergency solutions, legal and regulatory fines, etc. SMBs are frequently without emergency funds or insurance to cover the expenses.

  • If you are hit with ransomware, DO NOT PAY THE MONEY.

  • Many times when an SMB does pay the ransom, there’s no guarantee you will get back your data or your customers’ data. The majority do not get their data back. Plus, you would be funding the attackers’ ongoing nefarious activities.


To help your business navigate these previously uncharted waters, Bluestreak Compliance™ has CMMC Registered Practitioners and Registered Practitioner "Advanced" on staff, ensuring expertise and proficiency in CMMC compliance and cybersecurity practices, with discounted rates for SMBs.


About the Author

Joe Coleman is the Cyber Security Officer for Bluestreak Consulting™, a division of Throughput | Bluestreak | Bright AM™. Joe is a Certified CMMC-RPA (Registered Practitioner Advanced).

Joe has over 35 years of diverse manufacturing and engineering experience. His background includes extensive training in cybersecurity, DFARS, NIST SP 800-171, and CMMC, a career as a machinist, machining manager, early additive manufacturing (AM) pioneer, and production control/quality management software implementer/instructor.

Contact Joe Coleman at or at 513-900-7934 for any questions and a free consultation, with a complimentary detailed compliance eBook

About Bluestreak™:

Bluestreak™ is a powerful Manufacturing Execution System (MES) and a fully integrated Quality Management System (QMS), designed for the manufacturing environment and service-based manufacturing companies (metal-treating/powder-coating, plating, heat-treating, forging, and metal-finishing): businesses that receive customers’ parts, perform a process (service) on them, and send those parts back to the customer. Companies need MES software tailored to specific functionality and workflow needs such as industry-specific specifications management, intuitive scheduling control for staff and machinery maintenance, and the ability to manage work orders and track real-time data. If different work centers on the production floor aren’t “speaking” to each other via the MES, the data loses value and becomes disjointed or lost in disparate silos.

Bluestreak | Bright AM™ is an MES + QMS software solution specifically designed to manage and optimize the unique requirements of Additive Manufacturing’s production of parts and powder inventory usage.
