Barracuda full logo

ITRC 2025 predictions: How data breach trends will impact your small business

Argomenti:
23 apr 2025
|
Tony Burgess

Raise your hand if your business has effectively unlimited resources that it can allocate to cybersecurity, data protection, privacy enforcement, and data-breach remediation.

Right, that’s what I thought. So, if your resources are limited, how do you choose the right investments to optimize your protection against an ever-evolving cyberthreat landscape?

The key is information—insights and informed predictions about the types of threats that are out there, and about the impacts they will have on businesses like yours. And one of the best sources of reliable, data-driven insights is the Identity Theft Resource Center (ITRC). 

ITRC Business Impact Reports

Back in November 2022, we covered the ITRC’s Business Impact Report for that year in this blog post, titled “Good news for small biz.”

The ITRC’s latest impact report, published in October 2024, is a little different. First, it’s a combined report, covering both consumer and business impacts. Second, when it comes to business, the findings include both positive and negative signals.

You can download the ITRC 2024 Consumer Impact – Business Impact Report here. And I highly recommend another, shorter document published in December 2024. In “2025 Predictions & 2024 Predictions Recap,” ITRC analysts review the accuracy of their previous predictions and issue new predictions for 2025.

Predictions

Let’s start with a quick pass through a few of the ITRC’s predictions for 2025, which are largely based on the new federal administration’s expected priorities and policy directions.

  • Cuts to security and law enforcement will drive increased identity crime 
    This amounts to a prediction that funding for combating cybercrime will be reduced at the federal level, and we’ve already seen that play out. Massive funding and staffing cuts to the US Cybersecurity and Infrastructure Security Agency (CISA) are already heavily impacting its ability to support businesses with research, tools and other resources. Whether this translates directly into increased identity crimes is yet to be determined, but it seems likely.

  • “The cybercrime job market will boom” 
    Cybercriminal organizations are increasingly using artificial intelligence and automated tools to accelerate their operations, and this means they can—and will—go on a hiring spree to recruit software testers and other staff that do not require high levels of technical skill.

  • Federal regulations will decline, leaving states and industries in charge 
    Federal regulations requiring organizations to report cyberattacks and breaches are expected to be weakened. Some 20 states already have privacy and cybersecurity regulations in place, and that number is expected to grow. This patchwork of regulations will mean compliance headaches for businesses operating in multiple states.  
     
    In addition, it’s predicted that increased reliance on poorly enforced self-regulation by industries will lead to increased identity crimes and consumer distrust. “Businesses will face greater reputational and financial risks due to breaches and fraud that stricter regulatory frameworks would help prevent.”

Business impacts

Turning to the more comprehensive Consumer Impact – Business Impact Report, the key takeaways for small businesses are, on the positive side, that 80% of small business leaders report increased investment in tools, training and processes to prevent and respond to cyberattacks and data breaches. 

On the negative side, however, the report finds a significantly higher number of data breaches and of cyberattacks leading to data breaches. And the number of small businesses reporting financial losses of more than $500,000 has doubled compared to the preceding year.

Another interesting point is that the number of organizations reporting no attacks at all dropped by about a third.

Preparedness matters

One key finding of the report is that very consistently, small businesses that invest in cybersecurity tools, training and processes experience fewer attacks, fewer breaches, and lower financial impacts. 

As an IT professional responsible for keeping your organization protected against the devastating impacts of a major data breach, it’s critical that you make targeted investments in comprehensive, platform-based solutions and capabilities that leverage best practices and advanced technology to optimize your cybersecurity posture.

 

Discover Barracuda's Cybersecurity Platform

 

 

Tony Burgess

Tony Burgess is a twenty-year veteran of the IT security industry and is Barracuda’s Senior Copywriter for Content and Customer Marketing. In this role, he researches complex technical subjects and translates findings into clear, useful, human-readable prose.

You can connect with Tony on LinkedIn here.

Post correlati:
Security audits play a vital role in defense
Security audits play a vital role in defense
 The rising threat of email attachments: Insights from Barracuda’s 2025 Email Threats Report
The rising threat of email attachments: Insights from Barracuda’s 2025 Email Threats Report
 Threat Spotlight: How company size affects the email threats targeting your business
Threat Spotlight: How company size affects the email threats targeting your business
 How updated guidelines on protecting controlled unclassified information impact SMBs
How updated guidelines on protecting controlled unclassified information impact SMBs
Search the blog

Subscribe to the Barracuda Blog.

Sign up to receive threat spotlights, industry commentary, and more.

Sign up to receive threat spotlights, industry commentary, and more.

Get all the latest news, research, and analysis delivered right to your inbox.