A company’s
perception of the importance of cybersecurity depends on the size of the
business, new research shows. Small businesses are less apprehensive of cyber
attacks than bigger organizations, and according to one study, cybercriminals
may soon set their sights on smaller entities with their guard down.
89% of small businesses are moving to a remote workforce during Covid-19 stay-at-home orders, according to a survey of 400 small business owners conducted by the Cyber Readiness Institute (CRI).
The researchers
found businesses with fewer than 10 employees differed sharply from larger
businesses in the importance they give to cybersecurity. The smaller the
business, the less it focuses on cybersecurity.
31% of small
business owners with fewer than 10 employees said work-from-home orders have
increased their cybersecurity concerns. That number shoots up to 41% for
companies with more than 10 employees. Not exactly a huge gap. But more granular
questions reveal bigger discrepancies.
For example,
the lower levels of concern for micro-businesses also equates to much smaller
investments in cybersecurity. Only 45% of small business owners with fewer than
10 employees have increased time, money or human capital investments as it
relates to cybersecurity. For businesses with more than 10 employees, that
number is 80%.
More than
half of small business owners with more than 10 employees have increased cyber
education over the past two month, as opposed to just 22% of those with fewer
than 10 employees.
Other key
findings include:
- 49%
of small businesses will maintain at least a partial remote workforce after
Covid-19 restrictions are lifted. - 62%
of small business owners support tax incentives or federal grants for
cybersecurity investments. - Password
management and phishing attacks are the top two concerns of nearly half of all
small business owners. - 35%
of small businesses with fewer than 10 employees have no incident response
policy. - More
than 42% of businesses have provided additional password training or policies
over the past two months. - 30%
of small businesses have used new free cybersecurity tools since work-at-home
orders began. - 25%
of small business owners anticipate hiring new cybersecurity staff or
consultants over the next six months.
“For
malicious actors looking for vulnerable targets, small businesses remain a
primary target, particularly during the Covid-19 pandemic,” said Kiersten Todt,
executive director of The Cyber Readiness Institute. “Small businesses can make
themselves resilient against common attacks, such as phishing, by focusing on
employee education and awareness and creating a culture of cyber readiness
within the organization.”
The Institute
has outlined basic steps that every organization can take to secure their
remote workforce, including best cyber-hygiene practices that focus on using
secure passwords, patch management, and understanding the tricks bad actors use
to penetrate an infrastructure.