Searching in Grok for small business data on phishing stats “What is phishing attack statistics for small businesses”
Grok searched 15 websites and came up with this:
Phishing attacks are a significant threat to small businesses, often targeting them due to their potentially limited resources for cybersecurity. Based on the most recent data available to me as of February 19, 2025, here are some key statistics and insights regarding phishing attacks on small businesses:
-
Prevalence of Attacks: Small businesses are disproportionately targeted by cyberattacks, including phishing. Research indicates that 43% of cyberattacks are aimed at small businesses annually. This is largely because they may lack the robust security measures of larger organizations, making them attractive targets for cybercriminals.
-
Phishing as a Common Vector: Phishing remains one of the most common attack methods. Studies show that it accounts for a significant portion of cyber incidents affecting small businesses. For instance, it’s estimated that phishing is involved in around 36% of all data breaches across various organization sizes, with small businesses being particularly vulnerable due to fewer defenses. Posts on X also highlight this, noting phishing as a frequent tactic where fake emails or messages trick users into revealing sensitive information.
-
Frequency and Volume: Approximately 57% of organizations, including small businesses, experience phishing attempts weekly or daily. This aligns with the broader statistic that 3.4 billion phishing emails are sent globally each day, with a notable portion targeting smaller entities that might not have advanced email filtering systems.
-
Financial Impact: The financial toll on small businesses can be severe. Phishing attacks cost businesses an average of $4.91 million per incident, according to IBM’s data, though small businesses might face losses scaled to their size—often around $25,000 on average per attack for SMEs (small and medium-sized enterprises). Business Email Compromise (BEC), a type of phishing, is particularly costly, with losses reported at $1.8 billion annually across all victims, a portion of which impacts small businesses.
-
Training and Preparedness: Only 32% of small businesses have conducted phishing experiments to assess employee readiness, indicating a gap in proactive defense strategies. This lack of training contributes to human error, which is involved in 74% of security breaches, making phishing highly effective against untrained staff.
-
Insurance Coverage: Just 21% of small businesses have standalone cyber insurance policies, compared to 58% of large companies, leaving many exposed to the full financial brunt of phishing-related losses.
These statistics reflect the broader cybersecurity landscape up to early 2025, with small businesses facing a heightened risk due to their size and resource constraints. The continuous evolution of phishing tactics, including the use of AI to craft more convincing messages, further amplifies this threat. For the most current data beyond February 19, 2025, I’d recommend checking recent reports from organizations like Verizon, IBM, or the Anti-Phishing Working Group, as phishing trends evolve rapidly.
So there are some basic items – such as one needs training and lack of cyber insurance. helps cause the misunderstanding of phishing attacks to small business.
Small businesses are being attacked like everyone else using phishing no one is immune.
Contact me to discuss
ADDON content 2/21: Krebs on security also has a post https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/
Where Brian Krebs posted a story of how hackers are stealing people’s phone wallets with fake USPS texts or some other fake texts like a Geaux pass account.
The hackers get you to enter your information while they steal mobile wallets, and then they will create their own wallets to use your information and credit card numbers etc. to buy stuff for themselves.