News & Events

Top Reasons SMBs are Vulnerable to Data Breaches

According to data from the Census Bureau’s Annual Survey of Entrepreneurs, there were “5.6 million employer firms in the United States in 2016.  Firms with fewer than 500 workers accounted for 99.7 percent of those businesses."  Protecting these small and medium-sized businesses from cyber threats and improving their cybersecurity is integral to the success of the economy. 

 The Cyber Readiness Institute (CRI) will be launching the Cyber Readiness Program later this year. This Program will provide SMBs with tools and resources to help them improve their cybersecurity by focusing on people and policies. In the meantime, it is worth noting a few of the reasons that these companies are vulnerable:

  • Resources: Small businesses traditionally have fewer resources available to combat cyber threats. However, taking small, but meaningful steps can be helpful in mitigating the risk of a likely cyber attack.   

Cybersecurity Leadership: 

  • Small businesses are particularly vulnerable to cyber attacks because they do not have a leadership role within their organization responsible for cybersecurity.  The Better Business Bureau found that, "twenty-three percent of small businesses have a leadership role dedicated to cyber, whereas most (46%) have no defined role at all." By properly identifying a senior-level individual within their company, small businesses are more effectively positioned to create a culture of cyber readiness and educate employees on their roles and responsibilities in cybersecurity.   Businesses cited a lack of resources and expertise as the top factors that hinder their organization’s ability to properly address these issues according the Better Business Bureau.   
  • Covering the basics: Employee behavior is the cause of most breaches.   Phishing, a tool used by hackers to access networks, is one of the most popular methods to access networks, according to the Better Business Bureau (BBB). According to the Verizon Data Breach Report, phishing represents 93% of data breaches with emails being the most popular form of entry. A BBB survey found that 25% of small businesses were not aware of the dangers of phishing  In order to prevent these attacks from occurring, the Federal Communications Commission recommends that small businesses hold their employees accountable and train them to recognize these types of malicious emails. With proper employee education and training, the phishing threat can be mitigated.  

Read the Small Business Cyber Report here

Read the Verizon 2018 Data Breach Report here

Read the Better Business Bureau Report here

For more information about the Cyber Readiness Institute, please contact Henry Vido, Program Director, at [email protected].