Cybersecurity started with a simple problem: computers talking to each other.

In 1971, the first known computer virus appeared, and by 1988 the Morris Worm showed how fast damage could spread online. Today, cybercrime is a global threat. Cyber attacks are expected to cost businesses and governments $10.5 trillion a year by 2025, more than the GDP of most countries. That growth is faster than many traditional crimes combined.

Now, with cloud systems, remote work, and AI tools, attackers are moving quicker and hitting harder. With that in mind, we’ll cover key eye-opening Cybersecurity statistics that every B2B and small business must know in 2026.

Cybersecurity Statistics: Key Numbers

• On average, 43% of cyber attacks target small businesses. 
• Cybercrime increased by 600% due to COVID-19 pandemic.
• 60% of small businesses shut down within six months of a cyberattack.
• Nearly 40% of small businesses reported data loss due to a cyberattack 
• 82% of ransomware attacks are aimed at small businesses.
• 1 in 323 emails received by SMBs is malicious.
• A data breach costs an average of $3.31 million for small businesses with fewer than 500 employees.
• 95% of cybersecurity breaches are attributed to human error.
• The cost of 95% of cybersecurity incidents at SMBs ranges from $826 to $653,587.
• 5% to 20% of overall IT budgets are dedicated to security by small and medium-sized businesses.
• 43% of small to medium-sized businesses lack a recovery plan for a cybersecurity incident.
• 50% of small businesses take 24 hours or more to recover from a cyberattack.

Source:(Verizon, BM’s 2023 Cost of a Data Breach Report, Astra Security, Symantec, University of Maryland Francis King Carey School of Law, UpCity )

• 85% of all ransomware targets are small businesses.
• The average cost of a ransomware attack is $26,000.
• Over the last year, US small businesses have paid more than $16,000 in ransoms.
• The number of businesses subjected to ransomware attacks increased by more than 27% in the last year.
• 37% of companies hit by ransomware had under 100 employees.
• 5% of SMBs fell victim to ransomware between 2016 and 2017.
• Manufacturing was the top industry targeted by ransomware attacks.

Sources: (Veeam’s 2023 Data Protection Trends Report, BitDefender, Statista, Linkedin, Thales Group, Small Business & Entrepreneurship Council, Verizon 2023 Data Breach Investigations Report)

• The average ransom payment has risen to $2 million, compared to $400,000 in 2023.
• 60% of small businesses hit by a cyber attack shut down within six months..
• 51% of small businesses report that their website is down for 8–24 hours after an attack.
• After a cyber attack, 50% of small businesses take at least 24 hours to recover.
• Nearly 40% of small businesses lose critical data due to a cyber attack.
• 42% of small businesses hit by a cyber attack suffer a financial loss.
• 32% of small businesses lose customer trust after a cyber attack.

Sources: (Linkedin, Astra Security, BM’s 2023 Cost of a Data Breach Report, Bitdefender, State of Ransomware 2024)

• On average, a cybersecurity incident costs SMBs $826 to $653,587.
• Cyber attacks cause an average loss of $25,000 for small and medium-sized businesses (SMBs).
• 500% jump in ransomware payments was recorded in the previous year.
• SMBs pay an average of $52,000 for each DDOS incident.
• Businesses with less than 500 employees typically incur $2.98 million per data breach.
• $165,520 is the average recovery cost for companies earning less than $10 million a year after a ransomware attack.

Sources: (Verizon, Business News Daily, Congress.gov, State of Ransomware 2024, Kaspersky, Tech Heads)

• 14% of small businesses say they are prepared to defend themselves against cybersecurity threats.
• SMBs spend between 5% and 20% of their total IT budget on security.
• An average business recovery time after an attack is 279 days.
• Following a cyber attack, 29% of businesses immediately hire professional cybersecurity help or increase their in-house IT staff.
• 83% of SMBs aren’t prepared to handle the financial fallout of a cyber attack.
• 54% of businesses admit their IT departments lack the experience to deal with complex cyberattacks.

Sources: (Insurance Journal, SBA, Tealtech, Astra Security, NinjaOne, Cyber Security Awareness)

• There are 15,208 business email compromises per year on average (data from 2013 to 2021).
• Business email compromises cost an estimated $8.6 billion per year.
• Business email compromise fraud costs $43 billion between 2016 and 2021.1
• Between July 2019 and December 2021, the number of business email compromise (BEC) attacks increased by 65%.
• 77% of organizations experienced business email compromise attacks, an 18% increase from 2020.
• Cybercriminals are also using company names (68%), names of individual targets (66%), and boss/managers’ names (53%) in their spear phishing emails.
• According to the Federal Bureau of Investigation’s 2021 Internet Crime Report (IC3), they received 19,954 reports of business email compromise (BEC).

• 11.1% of all cyberattacks were directed at retailers.
• The retail industry experienced 629 confirmed incidents and 241 breaches in 2022.
• In retail, the average cost of a data breach in 2022 was $3.28 million.
• 77% of consumers rank cybersecurity and data privacy 3rd when choosing a retailer.
• 40% of people think retail POS systems are the most vulnerable to cyberattacks.
• 50% of retail cyberattack victims were extorted, and 25% had their credentials harvested.
• 45% of retailers reported an increase in the volume, severity, or scope of cyberattacks in 2021/22.
• 77% of retail businesses were attacked by ransomware in 2021, an increase from 44% in 2020.
• 98% of the 629 incidents in the retail sector involved a financial motive.
• 89% of retailers affected by ransomware reported revenue or business losses.
• Nearly 20% of customers say they will stop purchasing from companies that have been hacked.

Sources: (Fortinet, CSO Online, WWD, NBER, Arctic Wolf, ISA Cybersecurity, Trend Micro, Security Magazine, Virtual Armour.)

Strengthening #cybersecurity in the #retail industry is critical to ensure networks are not breached and data is not stolen. In the #2024DBIR, Verizon identifies key threats and trends impacting #retailers today and over the last 6 yrs. @verizonbusiness https://t.co/w0cqjnP9TT

— Jeff Rothstein (@RothJ98West) August 7, 2024

Source: SlideTeam

Types of Retail Attackers

Retail security threats come from different sources, mostly from outside attackers. Here’s a breakdown of the types of attackers that retailers face:

• 83% of retail security threats come from external attackers.
• 13.1% of attacks involve multiple sources.
• 3.3% of threats are from malicious insiders within the company.
• 0.6% of security issues are caused by unintentional actions from insiders.

Source: 2013 IBM Cyber Security Intelligence Index for Retail

Causes of Retail Data Breaches Statistics

Retail data breaches mostly happen because of hacks, tech issues, and human mistakes. Here’s a look at what usually causes them:

• 40% of data breaches in retail are due to malicious attacks.
• 30% of retail breaches are caused by IT failures.
• 30% of retail data breaches result from human error.

Source: WWD

• Manufacturing: 25.7%
• Finance and Insurance: 18.2%
• Energy and Utilities: 11.1%
• Retail: 11.1%
• Healthcare and Pharmaceuticals: 10.7%
• Public Administration: 6.3%
• Education and Research: 4.3%
• Other Sectors: 2.8%

Source: X-Force Index by IBM Security