Cybersecurity Awareness Month Series: Cybersecurity is Important for Small Business Too


Small businesses may be discouraged from investing in preventive cybersecurity measures due to the expense involved and the mistaken belief that only larger companies are the target of cybercrimes. But that is not the case. The FBI’s Internet Crime Report indicated that the cost of cybercrimes against small businesses reached $2.4 billion in 2021, a sign that small businesses are squarely in the crosshairs of criminal cyber gangs.

In addition to the risk to the business itself, small businesses may be vendors of larger corporations. In many instances, the underlying business agreements may require that these vendors (small businesses) implement and maintain reasonable cybersecurity controls. Depending on the terms of the agreement, the vendor may also be obligated to indemnify the larger corporation for any data security incident that impacts the corporation’s data. For a small business, these costs could be crippling.

One important component of any cybersecurity program to help small businesses avoid cyberattacks is implementing appropriate policies and procedures that address cybersecurity, including employee training.

Some of the policies that businesses should consider include:

Small businesses should also require strong passwords and train employees to recognize phishing emails.

For other best practices to avoid cyberattacks, the Small Business Administration has a short guide.


Jackson Lewis P.C. © 2025
National Law Review, Volume XIII, Number 303