A recent report by the Identity Theft Resource Center (ITRC) reveals that small businesses in the United States are facing a surge in cyber-attacks, with nearly 73% of business owners reporting incidents in 2022. The attacks primarily targeted employee and customer data, emphasizing the critical need for enhanced cybersecurity measures.
Despite this rise in attacks, 85% of respondents claimed to be prepared to respond to cyber incidents, an improvement from the previous year’s 70%. However, the study also highlighted the insufficient adoption of best practices, such as multi-factor authentication (MFA), strong passwords, and role-based access, with compliance rates ranging from 20% to 34%.
Encouragingly, half of the respondents (50%) indicated they have taken steps to prevent future breaches, and two-thirds (65%) have provided additional cybersecurity training to their staff. Furthermore, 53% have implemented new security tools to bolster their defenses. While the report did show a 4% increase in cyber incidents costing organizations less than $250,000, there was a 3% decrease in the overall number of small businesses suffering financial impacts from cyber-attacks, reducing the figure to 42%.
However, other impacts have become more pronounced, with 32% of respondents noting customer trust issues, and an equal percentage experiencing higher employee turnover following cyber incidents. The ITRC president, Eva Velasquez, pointed out that these trends align with patterns seen in previous reports, emphasizing the urgency of addressing these issues.
She highlighted the importance of transitioning to newer cybersecurity protections, developing additional resources, and promoting evidence-based solutions to assist victims and mitigate the rising risk of cyber-attacks for small businesses.