Washington, D.C., October 23, 2019 – A new survey released by the National Cyber Security Alliance (NCSA) today found that an overwhelming majority of small businesses believe that they are a target of cybercriminals, highlighting the growing awareness among this group about the threat of a cyberattack. The Zogby Analytics survey – which was commissioned by NCSA and polled 1,006 small business decision makers – revealed that 88 percent of smaller-sized organizations believe that they are at least a “somewhat likely” target for cybercriminals, including almost half (46%) who believe they are a “very likely” target.
Released during National Cybersecurity Awareness Month (NCSAM), the survey showed that with small businesses more aware of a data breach threat, many are responding with strong cybersecurity measures. Almost half (46%) of surveyed businesses feel “very prepared” to respond quickly and appropriately to limit the impact of a data breach or cybersecurity incident, were they to happen today. More than half (58%) say they have a response plan that they can immediately put into action while 36 percent say they would be able to fully operate without computers following a breach. The full survey results can be viewed here: https://staysafeonline.org/small-business-target-survey-data/
“Cybersecurity remains a serious threat for businesses and consumers alike, so it is encouraging to see more businesses educating themselves about cybersecurity,” said Daniel Eliot, NCSA’s director of education & strategic initiatives. “As a result, they are learning that they are not immune to attacks – as many small businesses once believed – and are learning to better protect themselves and their most important assets.”
Despite small businesses’ increased knowledge about cybersecurity, devastating data breaches are not unheard of. More than a quarter (28%) of survey respondents have experienced an official data breach within the past 12 months. As a result, 37 percent of those suffered a financial loss, 25 percent filed for bankruptcy and 10 percent went out of business.
Other survey highlights include:
- Larger companies are better prepared for a cyber breach – 73 percent of businesses with 251-500 employees have a response plan that they can immediately put into action and 44 percent would be able to fully operate without computers (for companies with 1-10 employees the respective numbers are 37% and 26%).
- 51 percent of small business decision makers believes that smartphones pose just as much cyber risk to their organization as computers do, while an additional third (31%) believe they pose more risk.
- 63 percent have a clearly articulated process for employees to report potential cyberthreats to leadership, and 73 percent have a clearly articulated business process that outlines how employees should securely dispose of equipment and data.
- 41 percent of businesses back up their business data on a daily basis while almost a quarter (21%) do it multiple times per day.
The National Cyber Security Alliance encourages all businesses to implement a cybersecurity program based on the National Institute of Standards and Technology Cybersecurity Framework:
- Identifyand understand which business assets (“digital crown jewels”) others want
- Learn how to protectthose assets
- Detectwhen something has gone wrong
- Respondquickly to minimize impact and implement an action plan
- Learn what resources are needed to recoverafter a breach
The Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security, which co-leads NCSAM with NCSA, is conducting a survey on cybersecurity issues in the small and mid-sized business (#SMB) community and welcomes organizations’ participation.
The survey focuses on companies’ awareness and use of the NIST Cybersecurity Framework. The voluntary survey addresses companies’ familiarity with the Framework, their perceptions regarding potential barriers to using the Framework, their concerns related to cybersecurity, as well as how those concerns rank relative to other business priorities. It also seeks companies’ suggestions for strengthening the overall cybersecurity posture of SMBs.
To access the survey, please visit https://www.surveymonkey.com/r/NXBCNQH. The survey should only take 30 minutes. Questions marked with an asterisk (*) are required. The survey can only be taken survey once, but responses can be edited until the survey is closed on November 11.
About National Cybersecurity Awareness Month
NCSAM is designed to engage and educate public- and private-sector partners through events and initiatives with the goal of raising awareness about cybersecurity to increase the resiliency of the nation in the event of a cyber incident. Since the Presidential proclamation establishing NCSAM in 2004, the initiative has been formally recognized by Congress, federal, state and local governments and leaders from industry and academia. This united effort is necessary to maintain a cyberspace that is safer and more resilient and remains a source of tremendous opportunity and growth for years to come. For more information, visit https://staysafeonline.org/ncsam/ or https://niccs.us-cert.gov/national-cybersecurity-awareness-month-2019
About the National Cyber Security Alliance
NCSA is the nation’s leading nonprofit, public-private partnership promoting cybersecurity and privacy education and awareness. NCSA works with a broad array of stakeholders in government, industry and civil society. NCSA’s primary partners are the Cybersecurity and Infrastructure Security Agency and NCSA’s Board of Directors, which includes representatives from ADP; American Express; Bank of America; Cisco; Cofense; Comcast Corporation; Eli Lilly and Company; ESET North America; Facebook; Google; Infosec; Intel Corporation; LogMeIn, Inc.; Marriott International; Mastercard; Microsoft Corporation; Mimecast; Proofpoint; Raytheon; Symantec Corporation; Trend Micro, Inc.; Uber: U.S. Bank; Visa and Wells Fargo. NCSA’s core efforts include National Cybersecurity Awareness Month (October); Data Privacy Day (Jan. 28); STOP. THINK. CONNECT.™, the global online safety awareness and education campaign co-founded by NCSA and the Anti-Phishing Working Group with federal government leadership from the Department of Homeland Security; and CyberSecure My Business™, which offers webinars, web resources and workshops to help businesses be resistant to and resilient from cyberattacks. For more information on NCSA, please visit https://staysafeonline.org/about/.
About the Cybersecurity and Infrastructure Security Agency (CISA)
CISA was created in November 2018 as the first civilian cybersecurity agency in the U.S. federal government. The agency leads the national effort to defend critical infrastructure against the threats of today, while working with partners across all levels of government and in the private sector to secure against the evolving risks of tomorrow.