BBB Business Tip: Nine data privacy stats small businesses should know

BBB Business Tip: Nine data privacy stats small businesses should know

As a business owner, protecting your company and your clients’ data is a huge concern. With data breaches on the rise, it’s clear that hackers are constantly on the lookout for opportunities to steal sensitive information. On the flip side, consumers, eager to avoid data breaches, are becoming more selective about who they trust with their personal information and business in general.

Even if you prioritize protecting your clients’ data, you could you still be vulnerable to an attack. Keeping an eye on the latest data privacy news and statistics can help you identify ways to protect yourself and your customers. Even if you don’t have the security budget of a Fortune 500 company, there are plenty of steps you can take to secure your organization’s data.

Nine crucial data privacy stats for small businesses

1. More than 80% of security breaches involved a human element

Most of these breaches involve employees falling for phishing or pretexting attacks, sometimes in the form of business email compromises. The takeaway for business owners should be that having a strong cybersecurity awareness program for your staff is critical.

2. Only 50% of U.S. businesses have a cybersecurity plan

Many small businesses claim they don’t have the resources to put a cybersecurity plan in place, leaving their company vulnerable to attacks. Cybercriminals don’t just attack large corporations, so it’s imperative more small businesses implement cybersecurity plans. The FTC offers free business guidance for small business owners with practical tips to help you come up with a personalized plan.

3. The average cost of a data breach reached an all-time high in 2022

The average cost of a data breach was $4.35 million, up from $4.24 million the previous year. It’s worth noting that in the U.S., the average cost of a data breach is much higher, averaging $9.44 million. Clearly, protecting your business from an attack is worth the expense.

4. Eight out of 10 organizations are likely to have at least one employee fall victim to a phishing attempt

This assessment showed that more people are vulnerable to phishing attacks than you might think. Not only did eight out of 10 organizations have at least one individual fall victim to a phishing attempt, one out of 10 phishing emails had a user interact with a malicious link. In fact, within 10 minutes of receiving a malicious email, 84% of employees took the bait. They either interacted with a spoofed link or attachment or replied with sensitive information. For business owners, this means phishing awareness should be a key part of your cybersecurity program.

5. In the first quarter of 2022 alone, $329 million dollars were lost to cryptocurrency scams, a number that continues to rise.

With cryptocurrency's rise in popularity, there have been an increasing number of investment scams in recent years, which have caused real financial damage to those affected. Since the start of 2022, more than $3.5 billion dollars in crypto has been lost to scams, mainly through investment-related frauds. Business owners should stay alert to this kind of scam, especially if they deal in cryptocurrency.

6. A fifth of software has a severe security flaw

According to recent reports, 19% of software scanned in the past year revealed “high or critical” level security flaws, with older software displaying more issues than newer software. Business owners should be aware of this issue and use software that is regularly updated with security patches.

7. 45% of data breaches happen in the cloud

Long gone are the days of small businesses keeping all their data in filing cabinets. However, just because your business stores customer data and other important information in a cloud-based service does not mean it's guaranteed to be secure. In fact, nearly half of all 2022 data breaches happened in the cloud. When evaluating and using cloud services, be sure to keep security in mind. 

8. More than 80% of basic web application attacks (i.e. web servers) are due to stolen credentials.

Stolen credentials are tried-and-true methods scammers use to gain access to an organization. This data shows that password protection should be a serious concern for business owners and their employees.

9. It took an average of about nine months to identify and contain a data breach in 2022

On average, it takes approximately 277 days for a business to identify and contain a breach. This timeline can have a significant impact on a business’s bottom line and reputation. Business owners who have protocols in place to spot a data breach early can save a considerable amount of money.

Protect your business and customers

Read more about protecting your business from cyber threats in BBB's cybersecurity HQ and check out these online security resources for your business. Learn more about ID theft and how to protect yourself.

BBB is committed to helping businesses and consumers stay safe from potential cyber threats. You can report any suspicious activities to the BBB Scam Tracker and learn more about the different types of common scams on BBB.org Scam Tips.