Small businesses face an increased risk of cyberattack. More and more cyber claims stem from small businesses and small businesses make up an increasing share of the total losses caused by cyber attacks. As this threat evolves, small businesses can no longer ignore their cyber risks without facing disastrous consequences.
Traditionally, people have thought of large multi-national corporations as the target of most cybercrime. These businesses have the most money and the most amount of personal information on customers and employees; this makes them the most attractive targets. As large businesses have become more adept at protecting themselves from cyberattacks, however, criminals have turned to softer targets.
In the past two years, small businesses have accounted for over half of all cyberattacks in the United States. What’s more, many small businesses are unable to survive the consequences of falling victim to cybercrime. Sixty percent of small businesses will go bankrupt or cease operations within six months of a cyber-attack. In the face of these realities, small business owners can no longer depend on a hope and pray strategy.
Much of the software used in cyberattacks is automated. It does not take a lot of sophistication on the part of the criminals to use once those criminals have purchased it. This means there are a lot more “hackers” and a lot more of them willing to target smaller payoffs. Additionally, attacks like WannaCry and NotPeyta spread rapidly from large businesses to small ones. Simply because a business was not specifically targeted was not in of itself protection.
Congress has attempted to act to protect small businesses. In 2019, they passed the Small Business Development Center Cyber Training Act. The Act is aimed at training a host of personnel at the Small Business Development Center in cybersecurity so that they can properly advise small businesses on cyber security issues.
The insurance industry is also attempting to help. Carriers are increasingly trying to write cyber insurance policies for small businesses. Given the competition, affordable cyber insurance with extensive coverage grants is available for almost all businesses. Cyber insurance is increasingly a necessity for any businesses.
The evidence is, though, that this is not enough to protect small businesses from attacks. Companies need to be thinking of cyber risk and how to manage it constantly. Companies may not have the resources to hire full-time information technology and cyber security professionals, but they can make sure everyone is trained on how to spot suspicious emails. They can also take proactive steps to ensure information is consistently backed up, and that cyberattack responses plans are in place so that the business can respond rapidly when attacks do occur.
Nothing is failure proof in the cyber world, but simple steps exist that smaller businesses can take to help ensure they survive when they finally fall victim to an attack.