We recently partnered with Research Now to conduct a survey of 150 small business owners throughout the United States to get a sense of how this population is approaching risk mitigation and response. The key takeaway? Small businesses are more at risk than they think, and are not taking proactive steps or allocating budget to defend against cyber attacks.
Small businesses are concerned about cyber attacks, but not allocating budget for risk mitigation
The majority of businesses (58%) are in fact worried about cyber attacks, but 51% of these businesses are not allocating any budget at all to risk mitigation. Why? Over half of small businesses (53%) feel they don’t store any valuable data. The reality:
- 68% store email addresses
- 64% store phone numbers
- 54% store billing addresses
- 48% store home addresses
- 24% store SSNs
- 20% store credit/debit card numbers
This points to a significant educational disconnect for small businesses when it comes to understanding what personally identifiable information (PII) is and how vulnerable they really are. As with the Jomoco case study, it took one business email address to take down the entire business.
Other highlights from the survey:
- 31% of small businesses are not taking any proactive measures to mitigate cyber risk
- Only 24% of small businesses that are not allocating budget for cyber attacks feel they are well prepared to handle an attack
- Only 12% of small businesses have a breach preparedness plan in place
Awareness, education, monitoring and response
It will take collaboration between the security industry and public and private sectors to help bring security best practices from the back burner to top-of-mind for small business owners. These groups must become aware of the unique threats facing their business, and learn how they can help mitigate risk. Some recommendations: monitor business information to stay ahead of cyber threats, bake-in cyber security best practices to your business plan and corporate culture, and have a breach preparedness plan in place to minimize the impact of a breach.
Today, we launched the Small Business Monitoring product to help small businesses tackle cyber threat. For more information on this service, visit csid.com/sb.