Over 80% of US Small Businesses Have Been Breached

Written by

A growing number of US small businesses are taking preventative security measures, despite the share suffering a data or security breach surging to 81% last year, according to the Identity Theft Resource Center (ITRC).

The non-profit collated publicly reported breaches and information from victims who got in touch to compile its annual Consumer & Business Impact Report.

It revealed that the share of organizations with fewer than 500 employees that suffered a data or security breach in the past year increased eight percentage points annually.

Average financial losses also more than doubled annually to $500,000, the report claimed.

However, on the plus side, 80% of small businesses are taking steps to prevent future breaches, including providing staff training (88%), investing in security tools (65%) and increasing their security budget (67%).

Consumers also appear to be getting smarter about cyber-hygiene – growing numbers are freezing their credit, changing their password habits and adopting technologies like passkeys, the ITRC said.

They need to. The report claimed that only 18% of consumers did not receive a data breach notice in the past 12 months, with more than 43% of victims receiving at least two notices, up from 29% in last year’s report.

Reports to the ITRC of identity crimes jumped 21 percentage points from July 2023 to June 2024, with nearly 47% percent of individuals having been victimized more than once. 

Those who claimed to have contemplated suicide as a result dropped from a previous high of 16% to 12%, but the share that considered self-harm grew from 3% to 5% over the past year.

Read more on identity crimes: Doubling of Identity Theft Victims With Suicidal Thoughts

ITRC president, Eva Velasquez, welcomed the fall in the share of identity crime victims contemplating suicide, but argued that it’s still too high.

“It is reflective of broader trends outlined in the report, such as the financial, physical and emotional impacts of identity crimes on distinct populations,” she added.

“However, the encouraging news from the consumer aspect of the report is that our victims are beginning to adopt passkeys as a replacement for passwords. A passkey allows you to log in with a biometric identifier, which cannot be stolen. This is a cyber-hygiene practice we encourage everyone to take.”

What’s hot on Infosecurity Magazine?