Seventy percent of small businesses believe they are ready to protect against a cyberattack or recover from a data breach. This fact is among the findings in the 2022 Business Impact Report recently published by the Identity Theft Resource Center® (ITRC), its second annual report on the impacts of identity crimes and cyberattacks on small businesses and solopreneurs.
According to the responses, cybersecurity incidents targeting small businesses increased by 61% during the pandemic years 2020 and 2021 but have dropped slightly in the past 12 months. Fewer than half (45%) of small businesses reported a security breach, data breach or both, down from the 58% that reported a cybercrime in the 2021 report.
Overall, more than 45% of small businesses lost revenue due to a cybercrime. Generally, small businesses lost less money as a result of a cyber incident in the last year, with one key exception — victims of social media account takeover. (Companies paying less than $250,000 grew by 11 percentage points; businesses paying $250,000–$500,000 dropped six points over the previous year.) In fact, 50% of small businesses surveyed reported losing control of a social media account to a cybercriminal, with 87% of the victims losing revenue generated by the account. More than one-third (34%) of victims lost between $1,000 and $10,000.
Fewer small businesses reported experiencing a data breach in the past 12 months (23%), a two-percentage point decrease from 2021. However, the number of small businesses reporting a first-time breach jumped 17 points from 2021. Nearly 30% of small businesses lost customer trust and had difficulty responding to customer concerns. More than 40% of small businesses struggled to understand what happened and why it happened. After investing in more security tools and training, 70% of small businesses said they were ready to protect against a cyberattack or recover from a data breach.
Another notable finding in the “2022 Business Impact Report” is that small businesses relied more on cyber insurance and existing credit lines to cover the costs associated with a data or security breach (40% — a 12 percentage point jump in using insurance proceeds and a seven-point increase in existing credit use). Also, 35% of small businesses reported returning to pre-breach performance levels within one year, a 13-percentage point increase. Most companies (41%) still required one to two years to fully recover.
Data Breaches
What data was compromised | 2021 | 2022 |
Customer/Consumer data | 49% | 50% |
Employ ee data | 51% | 52% |
Company intellectual property | 16% | 26% |
All of the above | 0% | 24% |
Social Media Attacks
Which accounts were compromised | |
38% | |
31% | |
YouTube | 11% |
6% | |
TikTok | 6% |
5% | |
Snapchat | 3% |
Google Voice | 1% |
Revenue loss as a result of the social media takeover | |
Less than $100 | 18% |
$101–$250 | 11% |
$251–$500 | 18% |
$501–$1,000 | 14% |
$1,001–$2,500 | 9% |
$2,501–$5,000 | 12% |
$5,001–$10,000 | 13% |
More than $10,000 | 5% |
Other | 1% |
How long to recover compromised accounts | |
Less than 1 day | 10% |
2–7 days | 43% |
8–30 days | 36% |
Still not resolved | 7% |
Could not recover the account | 4% |
Source: bit.ly/3FYgjZo
The ITRC, with the assistance of SurveyMonkey, conducted two online surveys in August and September 2022 to explore the impacts of cybercrimes on small businesses as defined by the U.S. Small Business Administration. Questionnaires were completed by 447 individuals that met the criteria of being a person in a leadership position or an IT professional at a company of 500 or fewer employees, including solopreneurs.
Founded in 1999, the Identity Theft Resource Center® (ITRC) is a national nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime. It offers a range of low and no-cost tools to help small businesses.
Through public and private support, the ITRC provides no-cost victim assistance and consumer education through its website live-chat and toll-free phone number, and offers help to specific populations, including the deaf/hard of hearing and blind/low vision communities. The organization also equips consumers and businesses with information about recent data breaches through its data breach tracking tool, notified.