#privacy: Study highlights greater risks run by small businesses that suffer a data breach

data breach

Almost a third of consumers have said that a small business would lose their loyalty in the event of a data breach, a new study finds.

While no business is free from the risk of cyber-crime, larger organisations are usually more able to deal with data breach incidents, as they typically have greater finances, IT resources and expertise to invest into cyber-combat and breach recovery.

On the flip-side, smaller companies face tougher times in the event of a leak, but they also face losing customers, according to findings made by Bank of America Merchant Services.

Following a poll of consumers and small businesses, Bank of America Merchant Service’s third-annual Small Business Payments Spotlight report discovered that over a fifth (21%) of small-to-medium-sized businesses (SMBs) said they suffered data breach over the past two years – a rise of 17% on the previous 24 months.

Over two fifths (41%) of small companies said that they were hit by a breach incident, recovery from which cost in excess of $50,000. Furthermore, nearly 30% of consumers polled said that they would not go back to a small business that had been hit by a data breach – the number is up 20% on the result from two years ago.

Small enterprises have been taking steps to mitigate data breach risk over the past 24 months, with 57% saying that they have upgraded their Point-of-Sale (POS) equipment, and 44% reporting that they have integrated US industry security standards such as PCI compliance.

A further 43% of small firms said they have given staff more training with regards to cyber-security and spotting fraud. EMV chip cards have now been taken on by 80% of SMBs – the technology offers a more secure method than the payment cards with a magnetic strip.

POS systems have also become more sophisticated, an evolution that is helping SMBs in sales reporting and inventory management, the study found. Around 60% of the respondents reported that they employ a POS system that can do more than supporting payments, while just 35% said they are using systems that do not have integrated POS.


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.