ITRC: Cybersecurity Incidents Targeting Small Businesses Are Down
But Social Media Takeovers Result in Stolen Income
By Roy Urrico
Finopotamus continues to highlight white papers, research, surveys, and reports that provide a glimpse of what is taking place in, or affecting, credit unions and other organizations in the financial services industry.
Cybersecurity incidents targeting small businesses increased by 61% during the pandemic years of 2020 and 2021, but have dropped slightly in the past 12 months. Less than half (45%) of small businesses reported a security breach, data breach, or both, down from the 58% that reported a cybercrime in the 2021 report. However, social media-based incidents cut into revenue.
Those are among the findings in the second annual 2022 Business Impact Report from the El Cajon, Calif.-based Identity Theft Resource Center (ITRC), a national nonprofit organization established to support victims of identity crime.
For the study, the ITRC, with the assistance of SurveyMonkey, conducted two online surveys in August and September 2022 to explore the impacts of cybercrimes on small businesses as defined by the U.S. Small Business Administration. Questionnaires were completed by 447 individuals at companies of 500 or fewer employees, including solopreneurs.
“Behind all of these statistics are people,” said Eva Velasquez, president and CEO of the ITRC. “These are people trying to support their families and their employees' families. As people look at this report, I encourage them to remember that these resources stolen by cybercriminals are the same resources needed to sustain or grow a business, which keeps those families safe, healthy and financially secure.”
“We are happy to see fewer reported cyber events, but we also find it intriguing that so many small business leaders are confident of their ability to defend against a cyber event,” she continued. “We will know in 2023 if these statistics and confidence levels are one-time events or true trends.”
Social Media Losses and Other Key Findings
Overall, more than 45% of small businesses lost revenue due to a cybercrime. Generally, small businesses lost less money as a result of a cyber incident in the last year, with one key exception – victims of social media account takeover.
Half of the small businesses surveyed reported losing control of a social media account to a cybercriminal, with 87% of the victims losing revenue generated by the account. Instagram (38%) and Facebook (31%), both owned by Meta, were the most frequently compromised sites, followed by YouTube at 11%.
Attackers continued to post to the compromised company social media account in half of the cases; 38% of companies saw cybercriminals contact their customers/followers with scams; and 11% of businesses said the attackers captured revenue from the social media platform.
Some of the other key findings from the 2022 Business Impact Report include:
· The share of companies losing less than $250,000 grew by 11 percentage points; the share of businesses paying $250,000-$500,000 dropped six (6) points over the previous year. More than one-third (34%) of victims lost between $1,000 and $10,000.
· Fewer small businesses reported experiencing a data breach in the past 12 months (23%), a two-percentage-point decrease from 2021. However, the number of small businesses reporting a first-time breach jumped 17 points from 2021.
· Nearly 30% of small businesses lost customer trust and had difficulty responding to customer concerns.
· More than 40% of small businesses struggled to understand what happened and why it happened.
· After investing in more security tools and training, 70% of small businesses said they were ready to protect against a cyberattack or recover from a data breach.
Recovering from the Damage
Another notable finding in the 2022 Business Impact Report is that small businesses relied more on cyber insurance and existing credit lines to cover the costs associated with a data or security breach (40% – a 12-percentage-point jump in using insurance proceeds and a 7-point increase in existing credit use).
Also, 35% of small businesses reported returning to pre-breach performance levels within one year, a 13-percentage-point increase. Most companies (41%) still required one to two years to fully recover.
The report stated, “The current economic climate where rising costs of labor, products, and delivery are challenging businesses of every size. But not all the news is hopeful. Just as consumers are increasingly the targets of social media account takeover attacks, so are small businesses.”