Notice: This website is not optimized for your current browser.

Please take action to ensure continued access to FirstRepublic.com. We will be discontinuing service to older web browsers with outdated security settings. Please update to the latest version of Google Chrome, Internet Explorer, Safari or Firefox. For assistance, please call (888) 372-4891.

Seven Surprising Statistics on Small Business Data Theft

Al Gomez, Contributor, Business2Community
December 20, 2016

These may not be alarming numbers if you’re an average online user. But to businesses — especially small, local ones — it could mean the difference between income and bankruptcy.

Every day, hundreds to thousands of small businesses are exposed to email threats, malicious software or spam bots. Intellectual property and trade secrets are compromised. Startups are forced to close due to leaks in sensitive data.

If you’re a small business owner, it’s time to take data theft seriously. Here’s why.

1) 62 percent of data theft victims are small to mid-size businesses.

You may be thinking: Why pick on small companies? They’re not lucrative and they hardly have any assets.

But to cybercriminals, it’s the type of data that matters — not the organizational size. Even little tech startups could hold delicious data such as customer contact details, credit card information or intellectual property. Add the fact that most subject matter experts (SMEs) are not well-protected and the heist gets easier.

Now what? Include cybersecurity in your to-do list. Allot a budget just for this purpose. Don’t think that just because you’re a restaurant or a novelty shop that you won’t be at risk of data theft.

2) Small businesses shell out an average of $38,000 to recover from a single data breach.

Imagine where else you could be spending that amount: a company retreat, bonuses for your employees, cash to buy better equipment, etc.

But what is $38,000 for? Aside from system and infrastructure upgrades, this sum also goes to consultancy expenses as well as future breach prevention measures. Not to mention costs for damaged reputation.

Now what? It only takes a second for reputation to be ruined. Avoid losing current and potential clients by investing in regular system checks to ensure data safety. If your business doesn’t have an IT department, consider hiring a specialist. If you already have one, confirm that they are updated with the latest in data theft knowledge, prevention and crisis management.

3) 40 percent of data breaches were caused by external intrusions.

External intrusions are third parties with access to your network or employee personal devices connecting to company networks.

Access in the vendor or partner side for example, may not be as secure as your company’s. So even if you take extra precautions to keep information safe, if people you interact with don’t, you may still be compromised.

Another danger is employees constantly using personal devices in your network. If not monitored or controlled, they may be bringing in malicious apps without their knowledge.

Now what? Investing in secure networks, such as VPNs or Virtual Private Networks, is a good idea.

4) Companies worldwide lose as much as $3.5 trillion due to occupational fraud and abuse.

According to the Association of Certified Fraud Examiners (ACFE), occupational fraud refers to the "the use of one’s occupation for personal enrichment through the deliberate misuse or misapplication of the organization’s resources or assets." Also known as internal fraud, this occurs inside the company and can often be difficult to detect.

But why does this happen? Sometimes, the people who work for you may feel corrupted or have a conflict of interest over time. Thus, they may use business property and/or information (such as copyright material or cash) for their own purposes.

Now what? One of the ways to prevent data theft by employees is to be particular about background checks. Do consult the SBA official website for a list of pre-employment background check basics.

5) 72 percent of businesses that suffer major data theft shut down within 24 months.

What’s even scarier is that some of these cybersecurity threats are not even due to hacking.

Several involve negligence in backing up data or installing vulnerable applications. If a good chunk of sensitive information has been risked, it’s possible that trying to repair damages would eat up a huge amount of your budget.

Small businesses that are not able to gain back such losses could contribute to their early demise.

Now what? Have a separate fund for data theft emergencies. Ensure that you separate your business financial accounts from your personal finances. This practice helps keep track of transactions easily. Plenty of banks now offer real-time activity checks, so don’t forget to ask if your financial institution offers such services.

6) Targeted attacks increased by 91 percent and lasted an average of three times longer.

Both large and small companies will always be at risk of data theft. However, as cybercriminals always upgrade their methods of attack, SMEs are at a higher danger due to lack of security measures.

If online assaults become stronger, it’s only logical for small businesses to be just as protected as larger enterprises. After all, both hold valuable amounts of data.

7) Good news: 22 percent of small businesses planned to increase cybersecurity in 2015.

More and more SMEs are realizing the significance of cybersecurity. Twenty-two percent of small businesses planned on boosting their online security measures in 2015, up from 15 percent in 2014. This initiative is most likely brought about by fears of malware and employee error.

Although anti-virus software and spyware detection services can help reduce these threats, investing and securing your IT infrastructure would better prevent future data theft.

Now what? If you’re planning on increasing cybersecurity plans this year, be sure to educate your staff — especially those who would be handling sensitive information. Employ concrete policies that everyone agrees with. Schedule standard training sessions to ensure employees are knowledgeable about recent threats. After all, they are your first line of defense.

Information is now the most valuable asset in the world. It doesn’t matter whether you’re a small business owner or a regular online user. Take the initiative to defend yourself from cyber criminals. As technology expands, cyber crimes are expected to grow in numbers, too.


This article was written by Al Gomez from Business2Community and was legally licensed through the NewsCred publisher network.

The information in this article is presented as-is and does not necessarily represent the views of First Republic Bank.