In its most recent Cost of a Data Breach Report, IBM Security and Ponemon Institute found 83% of organizations they studied experienced more than one breach between March 2021 and March 2022. Only 17% of organizations said they’d never been breached before, underscoring how common data breaches have become.
The report also reveals the global average cost of a data breach reached $4.35 million—“an all-time high.” In the United States, the average cost hit $9.44 million.
The pandemic spurred many businesses to adopt remote work. Many met the logistical challenges of workers communicating and collaborating remotely. Unfortunately, these same businesses often failed to prioritize increased cyber security risks—particularly small and medium-sized businesses (SMBs), which often lack money and technical know-how to fortify data security.
At ProWriters, we know your business clients, especially SMBs, may not fully appreciate the possibility that cyber security breaches could happen to them.
Read on for data breach statistics that prove otherwise. You’ll also get information you can share with your clients about common cyber attacks and how Cyber Insurance can help protect them.
Why Don’t More SMBs Take Data Breaches More Seriously?
Too many SMBs assume cyber criminals must have “bigger fish to fry.” In reality, threat actors see SMBs as softer targets than larger ones.
Several data breach statistics suggest the bad guys’ perception is correct.
- More than three-quarters (76%) of SMBs in automation company Connectwise’s State of SMB Cybersecurity in 2022 “have been impacted by at least one cyber security attack,” up from the 55% reporting an impact in 2020.
- The 2021 edition of IBM and Ponemon’s report found the average cost of a data breach for small businesses (fewer than 500 employees) was $2.98 million. The average cost of a breach was only slightly lower for businesses with 500-1,000 employees ($2.63 million), but jumped to $4.09 million for businesses with 1,001-5,000 employees.
- The per-record cost of a data breach was $164 in 2022, the highest cost in seven years, per IBM and Ponemon.
Data breach costs are greater than most small businesses anticipate. Only 28% of small-business owners responding to a 2021 CNBC/Momentive survey reported having a cyber incident response plan. Only 26% carried Cyber Insurance.
Denial—the natural tendency to bury our heads in the sand—accounts for some of this overconfidence. But SMBs also often don’t recognize how routine business processes put them at risk.
For instance, a small business might say, “We outsource payment processing. We don’t keep credit card numbers or other sensitive information on our computers.”
What this SMB doesn’t realize is the fact that, while payment processing can be outsourced, liability cannot. Businesses bear responsibility for any damages associated with a third-party data breach.
More Data Breach Statistics Your Clients Need to Know
Around the world in 2022, cyber attacks increased 38% over 2021. The rate of attacks isn’t expected to decrease this year—and neither are cyber security breach costs. Researcher and publisher Cybersecurity Ventures forecasts the global annual cost of cyber crime will reach $8 trillion in 2023. Resulting damages will climb to $10.5 trillion.
While your business clients should take all possible threats seriously, three of the most common types of attacks are:
In IBM and Ponemon’s 2022 study, 11% of organizations experienced ransomware attacks. The average cost, not including the ransom payment itself? $4.54 million. The International Association of Privacy Professionals anticipates global ransomware damages will exceed $30 billion in 2023.
- Social Engineering Attacks
The rise of remote work resulted in an increase of social engineering attacks. Attackers take advantage of human interaction and human error to gain access to files and critical infrastructures. From phishing emails with deceptive links to more involved impersonation schemes, “human hacking” jumped 270% in 2021 and continues to threaten businesses.
- Denial-of-Service (DoS) Attacks
In a DoS attack, a malicious source overwhelms a targeted server or network with traffic, crashing it and denying legitimate users access. In a distributed denial-of-service (DDoS) attack, traffic comes from multiple locations, making it even harder to stop. DDoS attacks had a “breakout year” in 2022, according to cyber security research website Comparitech. Attacks happen more often and last longer—50 hours, on average.
Find Out the Real Cost to Cyber Exposure
Download our branded version, or add your logo to our FREE white-label version and send it directly to your clients to encourage them to act fast and get protected with a cyber policy.
Cyber Insurance Saves Businesses Expense and Frustration
ProWriters urges you to urge your clients to acquire Cyber Liability Insurance as a key element of their cyber security plan.
A dedicated Cyber Insurance policy will cover the first- and third-party costs of a data breach. Policies also often give businesses access to risk management services as well as post-breach services such as expert privacy lawyers and a PR team.
At ProWriters, we’ve been underwriting Cyber Insurance for more than 20 years. We can get you and your client with the right carrier, with the right coverage, at the right price.
For more information, download our free report, The Six-Step Guide to Becoming Your Clients’ Cyber Expert.