Risk Assessment Data: Cybersecurity Statistcs from PurpleSec

PurpleSec is a small, veteran-owned cybersecurity consulting firm in Virginia. They have posted an extensive list of cybersecurity statistics grouped by various subheadings, including statistics on small businesses. They also offer a PDF of their data sources for the statistics, which include a number of industry reports and experts.

Check out this page if you are doing a risk analysis for your organization, or if you are a business owner or operator and want to do a deep dive "cold shower" style of learning about the current state of cybersecurity through numbers and statistics.

https://purplesec.us/resources/cyber-security-statistics/

Some examples of the statistics you will find there include:

• The types of cyber attacks on small businesses broke out as following:
• Web-based attack 49%
• Phishing / social engineering 43%
• General malware 35%
• SQL injection 26%
• Compromised / stole devices 25%
• Denial of services 21%
• Advance malware / zero day attacks 14%
• Malicious insider 13%
• Cross-site scripting 11%
• Ransomware 2%
• Other 1%
• 60% of small companies go out of business within six months of a cyber attack.
• 48% of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
• Ransomware damage costs alone are on track to hit $11.5 billion in 2019, at which point it’s estimated that small businesses will fall victim to a ransomware attack every 14 seconds.