10 SMB Data Breach Statistics ~ Small Businesses ARE NOT Immune
- The number of recorded data breaches in 2021 has exceeded the total number of events 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020
- More than 60% of breaches result from misused, stolen or purchased credentials
- An estimated 85% of data breaches involve a human element.
- Phishing is the top threat action that results in a breach
- The number of breaches that involve ransomware has doubled
- 34% of data breaches involve internal actors
- Over 80% of breaches are discovered by external parties.
- An estimated 36% of organizations worldwide had a cloud data breach in the past 12 months
- 74% of organizations in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months
- The US is the leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average, and 14% higher than the same period in 2020.
In this year’s IBM Cost of a Data Breach Report, researchers determined that the average cost of a breach in 2021 is estimated at $4.2 million per incident, the highest ever recorded in the 17 years of the study.
The cost of a data breach can change significantly depending upon the initial attack vectors including the top three most common: compromised credentials (20% of breaches), phishing (17%) and cloud misconfigurations (15%).
The cost of a breach can be impacted by the type of data stolen or leaked, like customer personally identifiable information – the most frequently breached and the most expensive at $180 per record.
The top country in the world for data breach costs in 2021 (so far) is the US with an average cost of $9.05 million.
Thanks to the hot market for COVID-19 data in 2020, medical data is in second place as the most desirable data to snatch, and healthcare at $9.23 million is the industry with the most expensive data breach costs.
Organizations that operate with 50% remote workers took an average of 316 days to identify and contain a data breach compared to the overall average of 287 days.
Companies supporting a remote or hybrid workforce experienced an increase of up to $1 million more when a data breach occurred, with the highest rates of $4.96 million in comparison to $3.89 million.