The Identity Theft Resource Center (ITRC) has released its 2023 Business Impact Report (BIR) [5], revealing a record high in cyberattacks targeting small businesses in the US. This report highlights the prevalence of data breaches and cyberattacks on small and medium-sized businesses, with a particular focus on employee and customer data. It also sheds light on the preparedness of businesses to respond to cyber incidents and the adoption rates of cybersecurity best practices.


According to the report [2] [3] [4], nearly three-quarters of US-based small and medium-sized businesses experienced a data breach or cyberattack this year. Despite this increase in attacks [2] [4], the majority of respondents claimed to be prepared to respond to a cyber incident [4], showing improvement from the previous year. However, the adoption rates for cybersecurity best practices such as multi-factor authentication and strong passwords were relatively low [4].

On a positive note [1] [4], less than half of businesses implemented cybersecurity best practices such as multifactor authentication and mandatory password strength [3]. Many respondents took steps to prevent future breaches [4], including providing new training for staff and implementing new security tools [4]. While the financial impact of cyberattacks on small businesses decreased [4], other impacts such as loss of customer trust and higher employee turnover were reported [4]. The number of organizations reporting first-time attacks remained consistent with the previous year.

The ITRC president [4], Eva Velasquez [4], emphasized the rebound of identity crime markets [4], leading to record levels of breaches and business attacks [4]. She stressed the need to accelerate the adoption of newer protections and develop resources based on solid research and evidence to assist victims [4]. The report also reveals that some organizations did not send data breach notices to impacted consumers [5], citing reasons such as law enforcement requests and claims of no personal information exposure [5]. Additionally, a significant percentage of organizations believe there was no risk of harm from the compromised data.


The 2023 Business Impact Report provides detailed insights into the current state of cyberattacks on small businesses. It highlights the need for increased cybersecurity measures and proactive prevention strategies. While some businesses have taken steps to improve their security practices, there is still a significant gap in the adoption of best practices such as multi-factor authentication and strong passwords. The report emphasizes the impacts of cyberattacks, including the loss of customer trust and higher employee turnover [4]. It also underscores the importance of developing resources and protections based on solid research and evidence. Moving forward, it is crucial for businesses to prioritize cybersecurity and implement effective measures to mitigate the risks posed by cyberattacks. The full report can be downloaded from the ITRC’s website [1], featuring James E [1]. Lee [1], the ITRC Chief Operating Officer [1], as a speaker [1]. For more information [1], visit the ITRC’s official website [1].