5 Eye Opening Cybersecurity Stats Independent Retailers Need to Know

Written by Rob Stott

February 21, 2022


Cybersecurity is one of those topics that you’d rather not have to think about. Chances are, you have a security solution in place, and you want to just set it and forget it.

As a matter of fact, a recent survey of independent retailers conducted by Nationwide Marketing Group found that to be the case. Over 77% of retailers told us that they believe their business is properly protected against potential cyberattacks or other security threats. In fact, they’re so confident that nearly two-thirds haven’t reviewed their business technology services within the past year or more.

But here’s the thing: complacency can make your business an easy target.

I’m not in the fear-mongering business when it comes to cybersecurity. But there’s a very stark difference between being fearful and being aware of potential threats and how to prevent them from impacting your business. And it’s that awareness factor that is so crucial to properly protecting your business.

Yes, we’re excited to see that, in our survey, more than 90% of independent retailers have little to no concern about a potential attack on their business. But industry data tells us that these retailers are just a little too comfortable.

So, to help stress just how important this topic is and how seriously it needs to be taken, here are a few eye-popping data points.

1. 4,000 average daily ransomware attacks in the U.S.

Since 2016, companies throughout the United States have been hit with roughly 4,000 ransomware attacks per day. Ransomware attacks, if you’re unfamiliar, are those where a malicious actor gains access to your data or infrastructure and holds your business hostage, typically for a fee.

Experts estimate that, last year, one ransomware attack occurred every 11 seconds.

And here’s the thing, they’re not all targeting the big guys. Of course, when the Targets, Walmarts and Home Depots of the world are impacted, you’re going to hear about it on the nightly news. Consider those attacks the unicorns of the cybersecurity world. They’re massive when they do happen, but they are truly few and far between.

2. The average ransomware request was $200,000 in 2020.

Way back in 2018, industry data show that the average ransomware payment request was a measly $5,000. Just a few years later that figure has increased 40-fold to $200,000. That figure is certainly a little skewed because of the million-dollar payouts made by big companies. But data shows that even when limited to just mid-sized companies, the average ransomware payout was over $170,000.

That said, the cost of a ransomware attack doesn’t end with the fee itself. There’s the recovery process, reinvesting and upgrading your systems to prevent further attacks. There’s the time spent scouring over your data to ensure no malicious software was left behind — the list goes on.

All things told, the average cost to recover from a ransomware attack is estimated at $1.85 million. Suffice it to say, for small and medium sized businesses, ransomware attacks can be crippling or, in most cases, absolutely devastating. In fact, 60% of SMBs that fall victim to a ransomware attack end up going out of business altogether within six months.

3. Average down time is 21 days.

The costs of a cyberattack extend beyond the impact on the business itself, though. And this rings especially true in the retail industry. When your data is locked down and your system is inaccessible, you’re not going to be able to process payments, and your website and in-store systems will be down.

Imagine not being able to sell product — do the thing that you’re in business to do — for three weeks. Cybersecurity experts estimate that businesses lose an estimated $8,500 per hour during their down time. That’s A LOT of lost business.

4. 29% of companies had to eliminate jobs following a ransomware attack.

During a period where finding and retaining talent is one of the most-talked-about challenges impacting the retail industry, imagine having to let employees go because you couldn’t afford to keep them after a ransomware attack. While not strictly retail-related, industry data found that nearly a third of businesses impacted by ransomware attacks were forced to cut jobs. Considering some of the stats above on the financial ramifications of a ransomware attack, it’s not hard to comprehend why and how this would be the case. How else can you quickly make up for potentially hundreds of thousands of dollars lost having to get your data back and potentially millions of dollars spent during the aftermath of the attack?

5. 53% of impacted companies say brand reputation was damaged.

Revenue lost during the down time is certainly expected. You can’t do business. But ransomware attacks can also have a major impact on your potential to do future business. Are customers really going to want to shop with a brand that was the target of a cyberattack? Probably not.

And, not surprisingly, over half of the companies surveyed who were impacted by a cyberattack said the experience had a damaging impact on their company’s reputation. Another 60% said they lost revenue because of the attack.

These data points aren’t intended to scare you as a business owner. Rather, they are meant to enlighten and inform you. They should make you aware that, just because you don’t produce quarterly earnings reports with 10 or 11 digits after that dollar sign, doesn’t mean you aren’t on the radar of a cybercriminal. In fact, that makes you an easier target.

So, maybe it’s time to review what solutions you have in place. Or remind your team of email best practices and the signs to look for in a phishing attempt. Be diligent. But more importantly, be prepared.

Unsure if your business is properly protected against potential cybersecurity threats? Interested in a free, zero-commitment connected business services consult? Fill out this form and let us know.


Connect With Us!

More Podcasts

219: PROJECT: automate Founder Pays It Forward During Oasys Summit

219: PROJECT: automate Founder Pays It Forward During Oasys Summit

Josh Trevithick founded his custom integration company, PROJECT: automate, a little over two decades ago, but he just recently joined Oasys Residential Technology Group – and he’s already realizing the return on his investment. During the recent Oasys Summit, Trevithick sat down to talk about his early experience in the group and how he hopes to pay it forward.

218: Frank Sterns Chats On New Role and the Parallels to Previous Stops

218: Frank Sterns Chats On New Role and the Parallels to Previous Stops

Just a few weeks after being formally introduced as a consultant for Nationwide Marketing Group’s Custom Integration division, Frank Sterns was with the group in Austin for the second-annual Oasys Summit. There, we sat down with him to talk about his first in-person experience with the group as a part of the team, and we dove into his career history and his vision for the group.

217: Howard’s Leans Into the Nature of Its Sales Team to Boost Its Product Protection Pitch

217: Howard’s Leans Into the Nature of Its Sales Team to Boost Its Product Protection Pitch

In an industry where the battle for margins enhancement is ongoing, something like product protection programs should be a no-brainer to business owners. But how you – and your sales team – approaches product protection with your customers can make or break the pitch. Howard’s is a great example of a retailer that understands what makes its sales team tick, and leaning into that to improve their attachment rates.