Small Businesses Pay Up to $1M to Recover from Breaches

Over half (58%) of US small businesses have suffered a security or data breach, with most paying hundreds of thousands of dollars to cover the costs, according to a new study from the Identity Theft Resource Center (ITRC).

According to the US Small Business Administration, there are nearly 32 million businesses with fewer than 500 employees. To find out more about how they’re impacted by cyber-attacks, the ITRC polled 417 small business owners.

The non-profit’s 2021 Business Aftermath Report revealed that many suffer a serious business impact from breaches.

Of those hit by a breach, three-quarters experienced at least two, and a third said they had suffered at least three incidents.

Over two-fifths (44%) spent $250,000-$500,000 to cover the costs of the breach, while 16% said they were forced to fork out between $500,000-$1m. 

Unsurprisingly, over a third (36%) admitted that this outlay put their business into debt, while a similar number (34%) said they had to dip into cash reserves to bail themselves out. A further 15% were forced to reduce headcount as a result.

The majority of respondents said it took them several years to recover from a breach.

“Behind all of these statistics are people. The resources stolen by cyber-criminals are the same resources needed to sustain or grow a business to keep families safe, healthy and financially secure,” said ITRC president and CEO, Eva Velasquez.

“These identity crimes are not just costing small businesses and solopreneurs a lot of money. It is also taking them a long time to put their business back on a path to growth.”

Two-fifths (42%) of respondents claimed it took 1-2 years to get back to normal after a breach, while for over a quarter (28%), the road to recovery lasted 3-5 years.

Interestingly, while 40% of attacks were traced to external threat actors, over a third (35%) were caused by malicious employees and contractors, the report found.

What’s Hot on Infosecurity Magazine?