NordPass and NordStellar, both developed by NordVPN, one of the best VPNs, have found that small private businesses are the most attractive to hackers. Their analysis found that a small, private, retail company in the US would be a go-to target for cybercriminals.
Nearly 2,000 worldwide data breach incidents from the past two years were analysed to extract insights on which companies are most likely to experience a cybersecurity breach. Companies were ranked on their likelihood of a breach according to their industry, size, company type, and country of registration.
Most breaches occurred in the retail sector (95 incidents), followed by technology (56 incidents), and business services (51 incidents). No industry or company is immune to breaches, but the data indicates that private companies are targeted significantly more than any other company type. Out of the 2,000 data breaches analysed, approximately 1,600 involved private companies.
"While small retail companies are highly attractive, other profiles are no less appealing for hackers," says Karolis Arbaciauskas, head of business development at NordPass. "This analysis helped us illustrate which businesses face higher risks and explain what measures can be taken to avoid them."
Even tech companies are at risk
Specific technology-related sectors, including internet and web services, IT services and consulting, software development, and computer hardware development, all feature in the top 10 targeted industries. Arbaciauskas sees this as surprising, given that many assume these industries would be better equipped to prevent breaches. However, hackers see technology firms as an appealing target, and even in a well-equipped company human mistakes can still occur. Firms should therefore carefully evaluate their cybersecurity preparedness.
No country is resistant to cyber attacks, but larger countries are naturally in the spotlight and give hackers more opportunities. Almost a quarter of the businesses targeted were based in the US (489 incidents), with India (114 incidents) and the UK (73 incidents) completing the top three.
No business is too small
Hackers prefer small and medium-sized businesses (SMBs). The overwhelming majority of businesses targeted had 51-200 employees, and Arbaciauskas thinks SMBs may be underestimating their value to hackers.
"There are targeted attacks, yes, but hackers often go for much broader scope activities, such as credential surfing, dictionary or rainbow attacks that do not choose their victims," Arbaciauskas says. "Because of employees' reused and poor passwords, or downloaded malware, company credentials appear in the leaked credentials' databases, which gives a chance for hackers to break in. For smaller companies, a data breach is a risk for business closure – financial costs and reputational damage carry significant aftermath effects."
How businesses can protect themselves against data breaches
According to a recent IBM report, the average cost of a data breach in 2024 is almost $5 million, on top of serious damage to a company's reputation. It's therefore imperative that organisations do everything they can to minimise the risk of a cybersecurity attack and protect the data of their business and their customers.
But what steps can be taken to help minimise risks? Businesses can incorporate some of the best business VPNs into their working practices, and there are a number of reasons why you should use a VPN at work.
VPNs are security tools that encrypt a device's data when it uses the internet. Encryption is vital for anyone looking to bolster their digital privacy and protect their data online. VPNs add an additional layer of security for businesses, their employees, and their data. They act as a shield against cyberattacks, as hackers can't see your data or information.
Although prices vary, VPNs are a cost-effective way to enhance your business's security, reducing the need to invest in lots of hardware or tech support. Business VPNs are designed with multiple team members in mind, often using cloud-based systems, meaning employees can all access the same encrypted data and files. Our top recommended business VPN, Perimeter 81, comes with a host of features and can cover multiple team members. However, at a minimum of $8 per team member, it isn't the cheapest out there.
They are also very useful for remote workers. With the post-pandemic changes in working habits, more workers than ever work remotely either part-time or full-time. With a VPN, employees can access a company's network and resources from anywhere in the world, meaning workers can stay flexible, without compromising company security.
If your remote workers enjoy working in public spaces such as libraries and coffee shops, they may be connecting to public Wi-Fi. This can be risky, as hackers can easily steal data from unprotected users of these networks. Connecting to public Wi-Fi with a VPN renders any attack useless, as hackers can't see what you're doing and your private information remains secure.
VPNs may also protect your company and employees from phishing attacks, with many of the most secure VPNs including anti-phishing protections. These can identify and warn you of suspicious spam emails and texts that try to trick you into entering your personal information and granting hackers access to your data.
Other ways to protect your business
VPNs aren't the only way to protect you and your business from the threat of cyberattacks. Tools such as the best password managers can generate and store complex, unique passwords, making them harder to guess and access, and protecting your data as a result. Weak or reused passwords are a common cause of cyberattacks, and a strong password is the first line of defence against hackers.
Cybersecurity auditing is a helpful way to identify any weaknesses in your company's IT infrastructure. Having independent, third-party audits can help businesses prepare resilience and defence strategies against hackers and also build their reputation as a secure company which protects customer and business data.
Finally, a simple way to combat cyberattacks is through education and awareness. Human error is a massive cause of data breaches. Employees may use weak passwords, fall for phishing scams, or use unprotected networks. Investing in employee awareness and cybersecurity training is a vital way to protect your business. You can have all the protections in the world, but if you, or one of your employees, willingly give out confidential information, then VPNs or password managers can do very little to prevent a data breach.