By Devin Smith*
If you think your small venture will never be the apple of a hacker’s eye, then I am sorry my friend, you are living in a fool’s paradise.
How could hackers ignore 30.2 million small businesses, that are operating in the US alone – a bedrock of the economy – employing almost half of the total workforce?
Cybersecurity is becoming a legitimate threat to small businesses, but are small businesses acting upon that threat?
According to the Hiscox Small Business Cybersecurity Report:
- 47% of small businesses experienced a cyberattack in the past 12 months.
- Out of this 47%, 44% experienced two, three, or four attacks, and eight percent had five or more.
- Only 52% of businesses have a cybersecurity plan.
- The average cost of cybersecurity in a year for small businesses is $34,604.
- 65% of small businesses have failed to act after a cybersecurity incident.
Why don’t small businesses care about cybersecurity?
It is not fair to assume that all the small businesses don’t care about it, but they do often ignore the threat. Even with such alarming statistics and suggested tips smaller firms consistently overlook the risk of cyberattacks.
Why I am stressing this is because cyber threats aren’t always obvious, but ultimately can be as bad as physical security threats.
Unfortunately, many small businesses live with an “out of sight, out of mind” mentality that brings horrible consequences; fails to protect their business from cybersecurity threats and may lose critical company information while damaging their brand and losing resources.
Sometimes cyber attacks can be so bad that a business ultimately goes out of the market.
One of the big reasons small SMEs avoid putting resources for cybersecurity is a lack of understanding and concern; maybe the term “cybersecurity” sounds complicated to them.
SMEs avoidance can lead to Recession
Yes, the threshold of which small businesses are falling victim to cyberattacks is at an alarming rate – whether you know it or not – this reality is putting the economy at risk.
As large companies spend endless amounts of resources to fortify their digital assets, hackers, cybercriminals, and fraudsters have turned their attention to those who cannot afford such impenetrable defenses: small and mid-sized enterprises.
The risk to small businesses is undoubtedly a big concern to their stakeholders, but the more significant issue at present is the risk now posing to the national economy as a whole.
Recessions are typically driven by events trickling down throughout society, like; rising interest rates, international conflict, credit crunches, or high oil prices, including geopolitical activities.
It is plausible that the next recession will be from the bottom up and not the top down; the aggregate of attacks on SMEs continues to cause disruption to business continuity, revenue losses, employee layoffs, and permanent closures, the net negatives could bubble up into the mainstream. This depressive state could certainly hamper consumer confidence, halt risk-taking, slow GDP, and decimate job growth so much so that the next recession will possibly be born.
Harvard Business Review suggests that a cyberattack would be the next financial crunch if it exploited financial services capabilities, especially payment systems.
While such crisis could start from the top, but could also start from the bottom. For example; if hundreds of SMEs were forced to shut down their operations due to cyberattacks, it could decline in deposits that significantly hurt a bank’s ability to continue, complimenting related consequences.
In addition, when small businesses fail to thrive, they drag down job numbers, both consumers and small businesses would spend less, which trickles up to the line to larger businesses and the economy as a whole.
Let’s join hands to protect SMEs from being trapped at the hands of bad actors, as they are not alone, the whole economy is dependent on them.
How to improve small business cybersecurity?
As per the research conducted by NextGov, “The U.S. economy loses between $57 billion and $109 billion per year to malicious cyber activity.”
Such numbers would further worsen as the economy begins to factor in all of the SMEs losses from cybercrime.
Helping them is our right as a whole; here are three things that we can – I would say – must do right away:
Government-backed incentives – As much as our government secures our borders, air travel, and financial system, it must now help us securing our digital environments, especially of those that cannot afford to do so. A good starting point could be financial incentives to spur innovation; incentives produce results and the stigma of forcing companies to act. In many cases, the federal government has used tax deductions and rebates to encourage the behavior.
Improve organizational awareness – It’s the core responsibility for small businesses and communities to raise awareness in organizations and to increase their defenses as they could. One important action is to conduct a third-party security assessment to identify vulnerabilities; once all digital weaknesses identified, then leadership can be created to develop an incident response plan to mitigate losses. Such activities aren’t always free, but are affordable and may prove to save businesses in the long run.
Cut cyber insurance premiums – Cyber insurance can benefit small businesses in the event of an attack as damages from cyberattacks are excluded from general liability policies. And without coverage, SMEs left on the hook for data loss, damages, ransoms, and other liabilities. However, many SMEs are currently priced out of the cyber insurance industry, and policies are not covering the primary attack vector – email phishing. Making cyber insurance truly available to the masses will require assistance via grants or tax deductions from the government (state and federal).
Flourishing cybercrime is a risk for the whole economy
Enabling cybercrime to fester among SMEs is the present-day fragility that need to be taken seriously, when considering how unprepared it is to defend against the plethora of attacks. For this reason, it is possible that the damages from small businesses can facilitate the next great recession.
*Devin Smith works as a tech geek and has been associated with tech and online security for the last half-decade.