Cybersecurity Assessments and Services

10 SMB Data Breach Statistics

December 7, 2021

10 SMB Data Breach Statistics ~ Small Businesses ARE NOT Immune

  1. The number of recorded data breaches in 2021 has exceeded the total number of events 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020
  2. More than 60% of breaches result from misused, stolen or purchased credentials
  3. An estimated 85% of data breaches involve a human element.
  4. Phishing is the top threat action that results in a breach
  5. The number of breaches that involve ransomware has doubled  
  6. 34% of data breaches involve internal actors
  7. Over 80% of breaches are discovered by external parties.
  8. An estimated 36% of organizations worldwide had a cloud data breach in the past 12 months
  9. 74% of organizations in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months
  10. The US is the leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average, and 14% higher than the same period in 2020.

In this year’s IBM Cost of a Data Breach Report, researchers determined that the average cost of a breach in 2021 is estimated at $4.2 million per incident, the highest ever recorded in the 17 years of the study.

The cost of a data breach can change significantly depending upon the initial attack vectors including the top three most common: compromised credentials (20% of breaches), phishing (17%) and cloud misconfigurations (15%).

The cost of a breach can be impacted by the type of data stolen or leaked, like customer personally identifiable information – the most frequently breached and the most expensive at $180 per record.

The top country in the world for data breach costs in 2021 (so far) is the US with an average cost of $9.05 million.

Thanks to the hot market for COVID-19 data in 2020, medical data is in second place as the most desirable data to snatch, and healthcare at $9.23 million is the industry with the most expensive data breach costs.

Organizations that operate with 50% remote workers took an average of 316 days to identify and contain a data breach compared to the overall average of 287 days.

Companies supporting a remote or hybrid workforce experienced an increase of up to $1 million more when a data breach occurred, with the highest rates of $4.96 million in comparison to $3.89 million.

Resources can help

View all
View all
May 1, 2026
main image

Top Cybersecurity Mistakes That Delay Compliance (and How to Fix Them)

Read more
April 24, 2026
main image

Prioritizing Different Cybersecurity Frameworks - Strategic Decision Paths

Read more
March 25, 2026
main image

CMMC vs. SOC 2 vs. ISO 27001

Read more
Work with us
work@trustly.com
Company
About Us Partner ProgramTestimonials
Compliance
CMMCNIST 800-171HIPAASOC 2 & SOC 1PCI DSSISO 27001GDPR / Privacy ShieldHITRUSTCIS
Services
Penetration TestingVulnerability ScanningPolicy & Procedure DevelopmentvCISO
Subscribe to our latest news.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Copyright 2009 - 2026 Interactive Security, Inc. All rights reserved.
Designed byJSI Studio
Boost Your Webflow with Pro Apps! Get 20% Off with Code WEBFLOW20
Try Now!
icon
More Templates
webflow icon
Buy this Template