Arrow back

What you need to know from the ITRC’s ‘2023 Business Impact’ Report

03 January, 2024

2024 is here, and although the year is new; the cyber threats organisations face are not.

Now, a new report from the US-based Identity Theft Resource Center (ITRC) has confirmed that human error continues to be one of the leading causes of data breaches and cyberattacks for small businesses.

Based on a survey of over 500 small business owners and leaders, the report highlights the need for small businesses to focus on reducing insider threats through training and policies.

In this blog, we’ll share some of the key findings from the report and what small businesses across the world can do to reduce human error-related breaches.

Let’s get started!

Key findings from the ITRC Report:

  • In the past year, 73% of small businesses experienced a cyberattack or data breach.
  • Malicious insiders caused 30% of cyber incidents.
  • 21% of breaches were linked to remote workers.
  • 53% of small businesses had financial impacts over $250,000 (£197,000).
  • 85% of small business leaders feel prepared to respond to cyberattacks.

How small businesses can reduce human error in cybersecurity

While technical defences like antivirus and firewalls are important, they can only go so far.

With the ITRC’s report in mind, here are some tips for building a culture of awareness and reducing risky behaviour:

Implement robust security training

Regular security training is essential to ensure employees know how to spot phishing emails, create strong passwords, and follow safe browsing habits.

Stressing the importance of vigilance and the role each employee plays in protecting company data is key in building a positive security culture within your organisation.

Enforce strong password policies

Strong passwords are a fantastic way to prevent easily avoidable breaches. Require your employees to use passwords with a minimum of 12 characters, with upper and lowercase letters, numbers, and symbols.

Equally important is that each password your employees use is completely unique to each service. A password management tool is a great way to store those unique, complex passwords.

Limit access to sensitive data

Restrict access to confidential company data and customer information only to employees who need it for their job duties. This helps prevent insiders from intentionally or accidentally mishandling data.

Frequently backup critical data

Regular backups help minimise disruption from ransomware and accidental data loss due to human error. Test restores periodically to verify backups are working correctly.

The ITRC report is a reminder that cybersecurity requires both technological defences and thoughtful policies around employee behaviour. Reducing human error through training and smart data hygiene practices is one of the most effective ways small businesses can improve their security posture.

At Bob’s Business, we make reducing human error simple for organisations of all sizes. Whether it’s our NCSC-certified short-form training, award-winning phishing simulations or affordable culture-change solutions, we’re your ultimate cyber training partner.

Back to resources

Ready to build your cybersecurity culture?

Whether you’re looking for complete culture change, phishing simulations or compliance training, we have solutions that are tailor-made to fit for your organisation.

Girl with laptop
Boy with laptop
man and woman with laptops
Global Cyber Alliance