Nearly three-quarters (73%) of US small business owners reported a cyber-attack last year, with employee and customer data most likely to be targeted in data breaches, according to the Identity Theft Resource Center (ITRC).
The non-profit’s 2023 Business Impact Report was compiled from interviews with 551 small business owners and employees.
It found that, despite experiencing a record number of attacks, most (85%) respondents said they were ready to respond to a cyber incident, up from 70% last year.
Yet relatively few are following cybersecurity best practices to help prevent a breach in the first place. Adoption rates for multi-factor authentication (MFA), mandatory strong passwords and role-based access for employees ranged from 20-34%.
Read more on ITRC data: US on Track For Record Number of Data Breaches
On the plus side, half (50%) of respondents claimed to have taken steps to prevent future breaches. Two-thirds (65%) said they’d provided new training for staff, and 53% implemented new security tools.
Although there was an increase of 4% in incidents costing breached organizations less than $250,000, the overall number of small businesses suffering a financial impact from a cyber-attack dropped three percentage points from last year to 42%.
However, more respondents said they saw other impacts, such as customers losing trust (32%) and higher employee turnover (32%).
ITRC president, Eva Velasquez, said the trends identified in the report follow similar patterns to others the non-profit has produced recently.
“We saw a spike in attacks in 2021 before a reduction last year due to the Russian invasion of Ukraine and disruption in the cryptocurrency markets. Identity crime markets have rebounded this year, leading to record levels of breaches, suicide rates, and business attacks,” she argued.
“The good news is that small business leaders are focused on data security and privacy protection. However, we still have a lot of work to do. We must accelerate the transition to newer protections and continue to develop new resources to assist victims based on solid research and unmistakable evidence.”