Top 14 business cyber security statistics every CEO needs to know


Last year was undoubtedly the ‘year of the hack’. Numerous high-profile cyber attacks caused cybersecurity to enter into the public consciousness, making more and more people aware of the need to protect their businesses.

But how big is the threat to small businesses in the UK?

Knowing what you’re up against can help you be proactive with your IT security and better protect your business. So check out these small business cyber security statistics and start working on improving your cyber resilience today. (Pro tip: scroll down to see a text-only version with more details!) 

[Infographic: Top 14 small business cyber security statistics every CEO needs to know]


1. In Q1 2017 a new malware strain was discovered every 4.2 seconds

[Source: G Data]

That’s approximately 1.8 million new malware strains, representing a 72.6 percent increase from Q1 2016.

Malware types continue to proliferate, testing the defences of small businesses worldwide. By the end of 2017, it is forecast that 7.41 million new malware strains will appear. This is up from 6.83 million in 2016.

2. 99 percent of computers are vulnerable to exploit kits

[Source: Heimdal Security]

Almost all computers are vulnerable to hacking exploit kits. These provide tools for people wanting to profit from cyber crime, often containing pre-written exploit codes that target users running insecure or outdated software on their computers.

Most computers run software such as Adobe Flash or Reader, software known to have critical weaknesses. This makes them easy targets for cybercriminals.

3. 52 percent of small businesses experienced cyber security breaches in the past year

[Source: Cyber Security breaches survey 2017, page 39]

As businesses grow in size, so too does the number of attempted cyber attacks they experience. It makes sense: the larger the target, the bigger the potential payoff for cyber criminals. Therefore, the more you grow, the more you need an effective IT security plan.

4. Cyber security breaches cost UK businesses approximately £30 billion in 2016

[Source: SC Media UK]

Research conducted by Beaming showed that cyber security breaches cost businesses £29.1 billion last year.

It noted that although large organisations are a more likely target for cyber criminals, smaller businesses are more likely to experience catastrophic harm if an attack is successful. A single attack can break your small business, so prepare yourself.

5. Small firms only invested £2,600 in cyber security in 2017

[Source: Cyber Security breaches survey, page 21]

Considering how much businesses had to pay out last year due to cyber security breaches, this is a surprising figure. Small firms don’t appear willing to invest properly in their cyber defence; £2,600 is approximately how much it would cost just to get antivirus cover for your business. Nowadays, with cyber criminals becoming ever more inventive, this isn’t enough on its own.

6. 63 percent of small firms sought information, advice or guidance on cyber security

[Source: Cyber Security breaches survey 2017, page 9]

Considering how disastrous a breach could be for a small business, it’s good to see most of them are seeking advice on cyber security. In the realm of cyber security, knowledge is power. A good IT business partner can be your best weapon against threats.

7. 60 percent of small firms don’t know the source of the most disruptive cyber security breach or attack in the last twelve months

[Source: Cyber Security breaches survey 2017, page 50]

Small businesses should be proactive in their IT security. If you can anticipate and avoid any attacks, the likelihood of surviving one increases dramatically.

8. Only 39 percent of small firms have formal policies covering cyber security risks in 2017

[Source: Cyber Security Breaches Survey, page 31]

This is a worrying trend. Without a proper cyber security policy in place, you increase your risk of suffering a data breach or other cyber attack. If your staff don’t know how to handle data and IT systems safely, it’s only a matter of time before their mistakes allow hackers to breach your security.

9. Only 14 percent of small businesses have formal cyber security incident management processes in 2017

[Source: Cyber Security Breaches Survey, page 52]

Not only do less than half of small firms have policies to cover cyber security risks, less than a fifth of them have policies for when a breach occurs. This is very concerning. Not knowing what to do in the event of a breach can make it worse for your business. Cyber criminals can take advantage of this confusion, infiltrating your business further.

10. 25 percent of small firms gave their staff cyber security training in 2017

[Source: Cyber Security Breaches Survey, page 29]

We here at Pensar hope to see this figure rise in 2018. Unfortunately, compared with workers in other countries, UK workers fail to protect their data and devices, and businesses put productivity and convenience above security. This puts organisations and consumers at risk.

11. 72 percent of businesses have been affected by fraudulent emails

[Source: Cyber Security Breaches Survey, page 41]

When training is lax and knowledge minimal, it’s easier for cybercriminals to mount a successful attack on your business. Fraudulent emails should be relatively easy to spot, but if your employees don’t know what they are looking for, breaches are likely.

12. 89 percent of cyber security policies are related to remote or mobile working

[Source: Cyber Security Breaches Survey 2017, page 32]

Mobile and remote working is increasingly becoming the norm, and more and more employers are allowing workers to bring their own devices to work. As these devices are less likely to have the same level of security as company-owned technology, they’re an attractive target for cyber criminals.

Here’s how to make mobile working safe.

13. 26 percent of organisations who suffered a breach have taken no action to prevent another attack

[Source: Cyber Security Breaches Survey 2017, page 55]

Thankfully, the majority of organisations in the UK do take steps to prevent another cyber attack.

14. On average, it takes 120 days for a business to discover a data breach

[Source: Institute of Directors]

That’s approximately four months of unfettered access to your data for any cyber criminal. In that amount of time, who knows the damage they could do to your business, or worse, your clients.

Preparation prevents potential attacks

The threat to small businesses from cyber criminals is real, but not insurmountable. Although a number of small businesses are complacent and don’t have their defences in order, you shouldn’t follow suit.

Lead by example. If you anticipate potential threats and prepare for them, you can keep your business safe.
