Small businesses often assume they are safe from cyber attacks because they are too small to be of interest to hackers. Many small businesses also mistakenly assume they have taken adequate measures to protect themselves. This infographic highlights the risks faced by small businesses from hackers as well as gives a few tips to help safeguard against attacks.

Mid-Market Application Security

Add this Infographic to Your Website for FREE!

Small Version

Large Version

Infographic by Veracode Application Security

Small businesses and the Internet

  • 66% say that their businesses depend on the Internet for day-to-day operations
  • 72% of the known hacker breaches in 2011 affected businesses with 100 employees or less
  • 50% of small businesses think they are too small to be a hacker target.
  • 40% of corporate cyber attacks were targeted at companies with 500 employees or less
  • 85% believe they have taken adequate measures to keep safe from hackers

In Reality, Basic Malware Safeguards are Lacking

  • 67% don’t use web-based security/service
  • 61% don’t use antivirus on all desktops
  • 47% don’t use security on mail server/services
  • 40% don’t use a security suite on all desktops
  • 63% Do not have any security on systems used for online banking
  • 77% Do not have a formal written Internet security policy
  • 56% Do not have polices that clarify what websites employees can use
  • 63% Do not have policies regarding how their employees use social media.

What do they (attackers) take?

Type of Attack Small Business Large Business
Payment Card Numbers / Data 96% 4%
Authentication Credentials 95% 5%
Copyrighted Material 79% 21%
Medical Records 75% 25%
Classified Information 67% 33%
Bank Account Details 62% 38%
Personal Information 57% 43%
System Information 39% 61%
Sensitive Organizational Data 35% 65%
Trade Secrets 21% 79%

  • Average cost to a small-medium business from a cyber-attack is nearly $188,242
  • Within 6 months 60% close permanently
  • Within 2 years 90% close permanently

Preventive measures are simple and cheap


  • Train employees in security principles
  • Protect information, computers and networks from viruses, spyware and other malicious code
  • Provide firewall security for your entire IT infrastructure
  • Download and install software updates for your operating systems and applications as they become available
  • Make backup copies of important business data and information
  • Control physical access to your computers and network components
  • Secure your Wi-Fi networks. If you have a Wi-Fi network for your workplace make sure it is secure and hidden
  • Change default credentials for all systems and require individual user accounts for all employees
  • Limit employee access to data and information, and limit authority to install software
  • Regularly change passwords

Veracode Security Solutions

Android Apps Security


Vulnerability Scanner

SQL Injection Attack

Facebook Security Settings

Internet Security

Mobile Security

iOS Security Guide

Web Page Security

Vulnerability Assessment


Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.




contact menu