Cybersecurity Assessments and Services

10 SMB Data Breach Statistics

December 7, 2021

10 SMB Data Breach Statistics ~ Small Businesses ARE NOT Immune

  1. The number of recorded data breaches in 2021 has exceeded the total number of events 2020 by 17%, with 1,291 breaches in 2021 compared to 1,108 breaches in 2020
  2. More than 60% of breaches result from misused, stolen or purchased credentials
  3. An estimated 85% of data breaches involve a human element.
  4. Phishing is the top threat action that results in a breach
  5. The number of breaches that involve ransomware has doubled  
  6. 34% of data breaches involve internal actors
  7. Over 80% of breaches are discovered by external parties.
  8. An estimated 36% of organizations worldwide had a cloud data breach in the past 12 months
  9. 74% of organizations in the United States have fallen victim to a successful phishing attack that resulted in a data breach in the last 12 months
  10. The US is the leader in phishing-related data breaches for 2021 so far, with rates 30% higher than the global average, and 14% higher than the same period in 2020.

In this year’s IBM Cost of a Data Breach Report, researchers determined that the average cost of a breach in 2021 is estimated at $4.2 million per incident, the highest ever recorded in the 17 years of the study.

The cost of a data breach can change significantly depending upon the initial attack vectors including the top three most common: compromised credentials (20% of breaches), phishing (17%) and cloud misconfigurations (15%).

The cost of a breach can be impacted by the type of data stolen or leaked, like customer personally identifiable information – the most frequently breached and the most expensive at $180 per record.

The top country in the world for data breach costs in 2021 (so far) is the US with an average cost of $9.05 million.

Thanks to the hot market for COVID-19 data in 2020, medical data is in second place as the most desirable data to snatch, and healthcare at $9.23 million is the industry with the most expensive data breach costs.

Organizations that operate with 50% remote workers took an average of 316 days to identify and contain a data breach compared to the overall average of 287 days.

Companies supporting a remote or hybrid workforce experienced an increase of up to $1 million more when a data breach occurred, with the highest rates of $4.96 million in comparison to $3.89 million.

Resources can help

View all
View all
January 10, 2026
October 9, 2019
main image

Saving Money with a PCI-DSS Scope Reduction

Read more
January 10, 2026
October 9, 2019
main image

Top 5 Cybersecurity Challenges Faced by the Healthcare Industry

Read more
January 10, 2026
October 30, 2019
main image

Grow Company Revenue Through Data Security Compliance

Read more
Work with us
work@trustly.com
Company
About Us Partner ProgramTestimonials
Compliance
CMMCNIST 800-171HIPAASOC 2 & SOC 1PCI DSSISO 27001GDPR / Privacy ShieldHITRUST
Services
Penetration TestingVulnerability ScanningPolicy & Procedure DevelopmentvCISO
Subscribe to our latest news.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Copyright 2009 - 2025 Interactive Security, Inc. All rights reserved.
Designed byJSI Studio
Boost Your Webflow with Pro Apps! Get 20% Off with Code WEBFLOW20
Try Now!
icon
More Templates
webflow icon
Buy this Template