The Cyber Readiness Institute convened two global dialogues with small-and medium-sized business (SMB) representatives to gain organic input about cybersecurity operation and management practices as well as cybersecurity challenges for SMBs. The objective of these global dialogues was to gain knowledge about SMB needs which will help guide the work of the Cyber Readiness Institute.
The two dialogues brought together 15 companies from eight countries (Canada, Egypt, Germany, India, Singapore, Tanzania, Japan, and USA). The companies represented a vast array of industries ranging from healthcare to manufacturing and foodservices solutions, among others.
This assembly of diverse SMBs was made possible by the Center for Global Enterprise’s Global Scholars Program. Global Scholars is a global learning community centered on business learning for students, faculty, and professionals. The SMBs who participated in these dialogues were recruited by schools in the Global Scholars network and three schools, from India, Japan, and USA, participated in the conversations.
The conversations focused on the cybersecurity concerns and needs of SMBs. Five key challenges were mentioned by several companies across sectors and across the world:
First, a recurring theme regardless of company scale, is that people are the weakest link for many companies. There is insufficient education and training around cybersecurity threats and company policy. Additionally, it was noted that employees will find ways to work around company requirements if it makes their jobs easier, so policies must aim to protect a company from risk and not impede work.
Second, most cybersecurity solutions are expensive and beyond the means of many SMBs. Cloud solutions, penetration testing, and outsourcing help protect companies from cybersecurity breaches but they are expensive and most SMBs allot little to none of their budgets to cybersecurity.
Third, there are challenges with identity access, phishing, and patching. SMBs are not able to keep up with the changing styles of cybersecurity attacks and many do not have the human or financial capital to address the ever-changing challenges around cybersecurity.
Fourth, it is difficult for small-and medium-sized companies to keep up with the constantly evolving regulations and standards around cybersecurity. SMBs are faced by both customer requirements related to regulations, and direct governmental regulations which force them to rework their policies and products. SMBs feel subject to these changing requirements and cannot work preemptively to prevent disruption as regulations change.
And finally, there is insufficient threat awareness and preparedness. SMBs struggle to keep up-to-date with the changing cyber landscape and even when aware, are not properly equipped to handle a cybersecurity incident. These concerns provide the Cyber Readiness Institute with a first-hand understanding of what some SMBs face. In addition to this feedback, many SMB representatives discussed potential solutions and next steps for SMB cyber security.