There’s Only Two Types of Companies
There’s an old adage that some people have and continue to share that says, there’s two types of companies;
- Ones that have been hacked; and
- Ones that have been hacked but don’t know it.
If this is true, which one is your organization?
Most business owners don’t think cybersecurity is an important part of their business operations. Why? Perhaps it’s because they believe their business is not big enough or important enough to be a target.
Cybersecurity-apathy can leave an organization vulnerable to hackers and other malicious actors.
Small Business – Big Target
In the US, many Data Consumer Protection laws either currently in place or wandering through various state legislatures have two things in common.
- Number of record triggers; and
- Revenue triggers
With over 80% of businesses in the US being small and medium sized companies, these triggers exempt most American businesses from compliance. Additionally, business owners are opposed implementing even the most basic cybersecurity controls because they believe they are too costly or too restrictive to business operations.
Hackers know small businesses are more likely to have weak or non-existent cybersecurity controls in place shown by the statistic that nearly half of all the cyber-attacks each of the last three years have targeted small businesses.
Small Business – Out of Business
In general, a small business is categorized by those that have fewer than 500 employees, with only few exceptions. Most Cybersecurity firms that generate yearly reports use this number.
The statistics of the impacts of cybersecurity incidents on small businesses are shocking:
- The average cost of a data breach is $2.98 million
- 93% of data breaches are financially motivated
- 63% of Small Businesses report a data breach within the last 12 months
- 41% of Small Businesses report poor security awareness of their employees
These are sobering, but the most sobering fact regarding Cybersecurity-apathy is that over 60% of Small Businesses that experience a cyber attack are out of business within 6 months.
Updating the Adage
Year after year, there is little change in the statistics of small business and cyber security. Perhaps it’s time to update the saying. Instead of there being two types of companies, there are four:
- Those that have been hacked
- Those that don’t know they’ve been hacked
- Those too apathetic or cheap to prevent being hacked
- Those that a hack put out of business
Questions for You!
What are your thoughts on this article?
Do you see this in your world or around you?
Have you been able to successfully address this issue in your organization, and if so, how to you do it?
If you have thoughts on any of these questions or other relevant and related ones, please leave a comment in the comment section below. Please note to keep our environment clean and free of advertisments of any kind, comments may not include external links, citing company names to promote them, or the like.