Key Takeaways
- 43% of small businesses report they had experienced a data breach in the past 12 months
- 28% of breaches in the Verizon Data Breach Investigations Report (DBIR) involved small organizations
- 72% of breaches in the Verizon DBIR involved a human element (social engineering or other human action)
- 39% of small businesses do not patch systems or do so only occasionally (survey estimate)
- 33% of small businesses use encryption for data in transit (survey estimate)
- 50% of small businesses use antivirus software on endpoints (survey estimate)
- 1 in 5 organizations paid ransom in 2023 (Coveware/industry reports estimate)
- $5.2 billion total costs from cybercrime for the year 2021 globally (Cybersecurity Ventures / other global cybercrime cost studies)
- 68% of SMBs cannot detect a breach quickly (survey-based detection confidence)
- 44% of breaches involved a web application where attackers leveraged application-layer weaknesses (Verizon DBIR)
- 58% of breaches were discovered by an external party (Verizon DBIR)
Small businesses face frequent breaches driven by people and stolen credentials, with weak patching and backups compounding ransomware risk.
Related reading
01 · Category
Industry Trends23 stats
Industry Trends Interpretation
02 · Category
User Adoption12 stats
User Adoption Interpretation
More related reading
03 · Category
Cost Analysis2 stats
Cost Analysis Interpretation
04 · Category
Performance Metrics10 stats
Performance Metrics Interpretation
Cite This Report
This report is designed to be cited. We maintain stable URLs and versioned verification dates. Copy the format appropriate for your publication below.
Marcus Afolabi. (2026, February 13). Small Business Cyber Security Statistics. Gitnux. https://gitnux.org/small-business-cyber-security-statistics
Marcus Afolabi. "Small Business Cyber Security Statistics." Gitnux, 13 Feb 2026, https://gitnux.org/small-business-cyber-security-statistics.
Marcus Afolabi. 2026. "Small Business Cyber Security Statistics." Gitnux. https://gitnux.org/small-business-cyber-security-statistics.
Sources & references
27 datasets cited across this report · attribution is report-level
+14 additional datasets cited (not shown individually)

