Cybersecurity is important for every business, including small businesses. 43% of cyber attacks target small businesses.[1] Despite that, one in three small businesses with 50 or fewer employees relies on free or consumer-grade cybersecurity tools. One in five companies does not use any endpoint security whatsoever.[2] If cyberattacks are such a big threat to small businesses, what is keeping them from taking action?
Cybersecurity Isn’t a Priority
Small businesses have limited staff and limited funds. Cybersecurity in general is not a requirement for small businesses, and even if it were, regulators generally do not audit small businesses. Large companies do not always force companies in their supply chain to meet any basic cybersecurity requirements, and consumers only seem to care when they are impacted by a data breach. So for many small businesses, cybersecurity isn’t high on the priority list.
They Think Cybersecurity is Expensive
Small businesses don’t have the personnel to maintain a basic cybersecurity program and, in general, don’t care to hire a consultant. Why? Because cybersecurity is a cost center. The money a small business injects into security doesn’t generate revenue. In a small business, it is very difficult to prove the cost savings created by cybersecurity. So if a business has a limited amount of funds, it would rather spend them on something that can generate more revenue. After all, the ultimate goal of a business is to generate as much revenue as possible with the least amount of cost.
Based on the conversations I have had with small businesses trying to meet U.S. Department of Defense cybersecurity requirements, I noticed a trend where small businesses are tired of cybersecurity companies offering overpriced services that they don’t need. The cybersecurity community definitely needs to work on this because we are creating a negative image of ourselves.
They Don’t Want Security to Impact Productivity
Small business owners are concerned that cybersecurity controls will impact worker productivity. The fewer privileges a user has on their system, the less they can do. If you revoke admin rights from employees, they will need help installing software and making other changes. To a business owner, this means less productivity, even though you may end up saving more time by keeping systems clear of malware.
Cybersecurity Sounds Complicated
When a layman hears the word cybersecurity, they think of complex computer code running across a screen, just like they saw in a Hollywood film. They don’t immediately think about changing firewall configurations or deploying antivirus software to all of their endpoints. Because it seems complicated, it seems like a big effort and perhaps an expensive one. In reality, small businesses do not need to do much to achieve basic cyber hygiene.