Considerations for Small Business Cyber Security
March 24, 2022
In the past, a small business (>100 employees) could cruise by when it came to security. This has very much changed over the last one to two years with security continuing to be a more challenging landscape into the foreseeable future.
As a result of this, you will see small businesses drastically increasing their budgets for cyber security talent and managed services. These costs will be more than what these organizations are used to paying. They will look to their small business IT service providers only to find security services unavailable amidst delivery of their normal services. This paves a path for innovation with how security providers deliver cyber security support and services to small businesses in great need of them.
We like to believe we have long offered an innovative solution at CISOSHARE for small businesses, one that will only continue to adapt as small businesses do. You will also see small business IT service providers get innovative to meet this demand with their cyber security offerings.
Here are the top five security issues driving this major shift in small business security approaches:
- Innovation technology is more available: Small businesses are going to the cloud, they are leveraging more complex fintech solutions, and on and on and on. Not a week goes by where we do not get a call from a very small organization trying to do very complex things. More complex technical things to build require more complex approaches to secure.
The common small business today does not have affordable access to the expertise necessary to provide the complex security guidance needed for these innovative technologies. Further, many of today’s small business IT providers that these organizations leverage do not have this expertise. This is leaving small businesses highly exposed and, even worse, most of the time in situations where they don’t even know it. Well, the ability to get this talent is the second issue.
- Lack of innovation talent: Even if a small business wants access to the highly skilled security expertise it needs, there is a shortage of this talent, making it very expensive and hard to access. This is a big problem for organizations of all sizes today, but the difference between small businesses and large ones is that the larger ones can pay the big dollars to get access to this talent in the situations where they have no choice.
- The cyber insurance safety net is gone: Small businesses used to lean on getting affordable cyber insurance policies to offset the deficiencies identified above. You could get a policy even with limited security protections in place and it was at a manageable price point. If you then had a breach, it would be covered.
This led to dramatic losses in the cyber insurance industry as organizations were breached and the cyber insurers suffered. As a result, many insurance carriers are now leaving the cyber insurance space. Those that have stayed are heavily increasing premiums, enacting much more stringent security requirements that must be in place before a policy is issued, and setting many coverage exclusions that are dangerous for organizations even if they do get insured. The insurance policy safety net is gone for the average small business.
- Supply chain issues: This is a two-pronged issue. First, as organizations outsource more and more of their non-core business processes, such as their HR, IT environment, financial systems, etc., they need to assess the security of these service providers. Many small businesses, and also large ones for that matter, do not have the internal capabilities to perform these 3rd-party assessments. This leaves these organizations exposed as this is a primary vector for breaches.
Second, regulated organizations, such as those in healthcare and the federal government, are increasing their requirements and 3rd-party assessments on all businesses, including small ones. So, while small businesses are struggling to assess their own suppliers, they are also struggling to respond to assessments from their customers. Both problems will continue to get worse.
- Increasing data sets and associated regulations: As organizations increasingly use innovative technologies to collect more information, while leveraging the Internet to go global, even very small businesses will end up managing larger and more diverse data record sets than ever before.
In combination with this, states and countries are dramatically increasing their regulatory requirements to secure this sensitive data and implementing steeper fines if you do not. This is a very big problem for small businesses that will get worse over time before it gets better.
In summary, the security situation for small businesses is worsening and organizations are in a difficult situation at this point. However, as always there is hope, though it may take a little time.
The key will be in how solution providers innovate to meet the small business needs but with economies that make sense for everyone. We think we have made some progress in this area with our approach for small businesses at CISOSHARE. Start with an assessment today, and discover how we can meet your needs within your budget.