As the eighth annual National Cyber Security Awareness month winds down, a new survey highlights the dangerous disconnect between perception and reality among small business owners about their cyber security efforts. The survey, sponsored by Symantec and the National Cyber Security Alliance, found that more than 80 percent of small business owners believed they were safe from cyber attacks, yet relatively few took steps to eliminate the risks of such attacks by, for example, formalizing an internet security policy or preparing a contingency plan in the event of a data breach.
Perhaps more troubling, the survey demonstrated that the ill-preparedness of small businesses is not due to a lack of awareness of such risks, or an underestimation of the harm cyber attacks pose to their day-to-day operations. Indeed, two-thirds of the surveyed companies say their company is dependent on the Internet, and many of the companies indicated they deal with sensitive information such as financial records, private customer data and intellectual property.
Because the media often focuses its attention on the large, sophisticated cyber attacks that disrupt large corporations and result in massive data and privacy breaches, it is easy for small businesses to believe that they are simply not an attractive target for cyber thieves. Yet in many respects smaller businesses represent the “low hanging fruit” for such attacks, since they still deal with sensitive and valuable information. Moreover, given their smaller size, small businesses may stand to lose more from cyber attacks.
Given the ease with which cyber attacks can be launched, and the increased frequency of such attacks, small business owners would do well to re-evaluate their efforts to keep their data safe and secure.