Forty-two (42) percent of small businesses lost revenue due to a cyber event. While down three percentage points from 2022, more businesses saw other increased impacts, such as more customers losing trust (32 percent), higher regrettable employee turnover (32 percent) and increased difficulty understanding what happened. The financial impacts of cyber breaches continued to drop compared to previous years, with more small businesses reporting losses under $250,000 and fewer reporting higher dollar-value events. Cyber insurance emerged as the primary source of recovery funding (33 percent), followed by cash reserves. There was a slight increase in headcount reductions (13 percent) to address data breach costs.
Seventeen (17) percent of organizations that experienced a data breach did not send data breach notices to impacted consumers. Fifty (50) percent of those who did not send a notice said it was at the request of law enforcement, followed by 38 percent claiming no personal information was exposed. Twenty-one (21) percent said there was no risk of harm from the type of data compromised.
DOWNLOAD THE 2023 BUSINESS IMPACT REPORT
“The trends identified in the 2023 Business Impact Report follow the same patterns the ITRC has seen in our other reports around consumer impacts and data breaches,” said Eva Velasquez, President and CEO of the Identity Theft Resource Center. “We saw a spike in attacks in 2021 before a reduction last year due to the Russian invasion of Ukraine and disruption in the cryptocurrency markets. Identity crime markets have rebounded this year, leading to record levels of breaches, suicide rates, and business attacks.
The good news is that small business leaders are focused on data security and privacy protection. However, we still have a lot of work to do. We must accelerate the transition to newer protections and continue to develop new resources to assist victims based on solid research and unmistakable evidence.”
According to the 2023 Business Impact Report, most small businesses have not utilized tools such as Multi-Factor Authentication (MFA) for employee or customer use, mandatory strong passwords or role-based access for employee access to sensitive data. Depending on the solution, adoption rates range between 20 and 34 percent.
The report shows similar adoption rates for consumer data collection, use, and storage practices and policies designed to protect personal information and privacy. Adoption rates range from 21 to 37 percent, partly due to state laws requiring data best practices, including data access, opt-in to data collection, opt-out of data sales, and rights to correct and delete certain types of information.
The ITRC offers a range of low and no-cost tools to help small businesses. Consumers can receive free live victim support or guidance from a knowledgeable advisor by calling 888.400.5530 or visiting idtheftcenter.org to live chat.
About the ITRC 2023 Business Impact Report
The ITRC, using the SurveyMonkey platform, conducted an online survey to explore the impacts of cybercrimes on small businesses as defined by the U.S. Small Business Administration. The survey was conducted in September 2023, covering the previous 12 months unless otherwise noted in a specific question. The online questionnaire was completed by 551 individuals; 276 met the criteria of being a person in a leadership position or an IT professional at a company of 500 or fewer employees, including solopreneurs. One hundred ninety-nine (199) reported being the victim of a cyberattack, a data breach or both in the past 12 months. This year’s report reflects responses from businesses ranging from single-employee companies to organizations with 500 employees. The responses also reflect a wide range of industries with a slight concentration in retail entities. By far, the largest number of general survey responses came from people who identified as business owners or partners, followed by C-Suite Officers and Sr. Executives. Unless otherwise noted in a specific question, the term “breach” refers to both a data and security breach (successful cyberattack).
About the Identity Theft Resource Center‥‥‥
Founded in 1999, the Identity Theft Resource Center® (ITRC)‥is a‥national‥nonprofit organization established to empower and guide consumers, victims, business and government to minimize risk and mitigate the impact of identity compromise and crime.‥Through public and private support, the ITRC provides no-cost victim assistance and consumer education through‥its website‥live chat‥idtheftcenter.org, and‥toll-free phone number 888.400.5530.‥The ITRC also‥equips‥consumers and businesses‥with‥information about recent data breaches through its data breach tracking tool,‥notified.‥The ITRC offers help to specific‥populations, including‥the‥deaf/hard of‥hearing and‥blind/low‥vision‥communities.‥
Media Contact‥‥
Identity Theft Resource Center‥‥
Alex Achten‥‥
Director of Communications & Media Relations
888.400.5530 Ext. 3611‥‥
[email protected]‥‥‥
Media Contact
Alex Achten, Identity Theft Resource Center, 888-400-5530 x 3611, [email protected], www.idtheftcenter.org
SOURCE Identity Theft Resource Center
