
While most of us believe that we are smart enough to outwit scammers, the truth is that phishing still causes major damage to both individuals and businesses. The costs incurred by major corporations due to phishing scams and related security breaches have been well documented, but we wanted to find out how phishing has affected small and medium-sized businesses.

In December, PasswordManager surveyed over 1,600 executives and HR managers at SMBs to find out how phishing scams have affected their companies. The results:

  • 60% of SMBs fell prey to phishing scams in 2022
  • Nearly 2 in 5 victims lost $100,000+ to scammers
  • More than one-third of victims lost customers due to phishing scams
  • 44% of victims had their data stolen

60% of Small and Medium Sized Businesses Fell Prey to Phishing Scams in 2022

Six in 10 survey respondents say they had at least one employee at their company fall prey to a phishing scam in 2022. Of this group, 23% say their company is targeted every day by scammers, 35% say a few times per week, 30% say a few times per month, and 10% say they are rarely targeted.

When asked about the percentage of employees who were targeted with scams in 2022, the largest group (23%) say between 10% and 20% of their employees were targeted. When asked about the percentage of employees who actually fell for the scams, the largest percentage (40%) say that it was less than 10% of employees.

2 in 5 SMB Victims Lost $100,000 or More to Phishing Scams in 2022

Of the SMBs who fell prey to phishing in 2022, 39% say they lost $100,000 or more due to the scams, while a small percentage even say they lost over $1 million. Additionally, 73% of respondents say phishing scams have had a ‘very’ (32%) or ‘somewhat’ (41%) negative impact on their business this year.

In addition to losing money to scammers, 44% of companies had their data stolen, 36% lost customers due to phishing scams, and 35% say their company’s reputation was damaged as a result.

Most Common Type of Reported Scam is Email Phishing

When asked which types of phishing scams their company is most often targeted with, email phishing, in which the impersonator attempts to extract sensitive information or trick the recipient into making payments, was at the top of the list at 59%.

This was followed by malware phishing emails (58%), malware phishing texts (51%), voice phishing (42%), and scammers impersonating a company executive to ask employees for money (35%).

The majority of companies who fell prey to scams in 2022 (80%) also report that they have a training program in place to teach employees about phishing, and 98% stated that they ‘somewhat’ (31%) or ‘strongly’ (68%) believe the program is effective in reducing scams.

When asked which positions, if any, are most commonly targeted by scams, 39% said non-management employees, 39% said managers, 38% said executives, 36% said HR staff, and 17% said no positions were more frequently targeted than others.


This survey was commissioned by PasswordManager.com and conducted online by the survey platform Pollfish from December 21 to 23, 2022. In total, 1,659 participants in the U.S. were surveyed. All participants had to pass through demographic filters to ensure they were age 25 or older, were currently employed for wages or self-employed, had an income of $50,000/year or more, worked at a company of 2 or more people, and were a C-level executive, owner or partner, HR manager, president/CEO/chairperson, or senior manager at their business. The survey used a convenience sampling method, and to avoid bias from this component Pollfish employs Random Device Engagement (RDE) to ensure both random and organic surveying. Learn more about Pollfish’s survey methodology or contact [email protected] for more information.