2012 National Small Business Study by the National Cyber Security Alliance

Export to PDF | Export to DOC

The National Cyber Security Alliance has conducted a new study with Symantec to analyze cybersecurity practices, behaviors and perceptions of small businesses (less than 250 employees) throughout the United States.  These are just some of the key facts from the survey results.  For more information or to view the complete survey results, visit the NCSA website.

 

Small Businesses are Increasingly Dependent on the Internet

• Eighty-seven percent of SMBs have one or more employees who use the Internet for daily operations.
• Seventy-one percent of SMBs say their business is somewhat or very dependent on the Internet for day-to-day operations, two-thirds (66 percent) of which say they’ve become more dependent on the Internet in the last 12 months.
• A majority of small business owners (55 percent) say that the loss of Internet access for 48 straight hours during a regular business week would be disruptive to their business – two-fifths (38 percent) of which say it would be extremely disruptive.

 

SMBs Say a Safe, Secure Internet is Important to their Success…

• Seventy-three percent of SMBs say a safe and trusted Internet is critical to their business’s success, 46 percent of which say very critical.
• At the same time, forty-four percent of SMBs agree that their customers are concerned about the IT security of their business.
• Seventy-seven percent of SMBs think having a strong cybersecurity and online safety posture is good for their company’s brand.

 

Yet a Majority Have No Internet Security Policies, Procedures

• Eighty-seven percent of SMBs do not have a formal written Internet security policy for employees while 69 percent do not have even an informal Internet security policy for employees.
• At the same time, 10 percent say they have a formal written Internet security policy while 28 percent say they have an informal Internet security policy for employees to follow.
• Seventy-five percent of SMBs do not have policies for employee social media use on the job while 23 percent have established policies.
• Eighty-three percent of SMBs say they do not have a written plan in place for keeping their business cyber-secure while 14 percent say they do have a written plan.
• Sixty percent of SMBs say they do not have a privacy policy that employees must comply with when they handle customer or employee information while 38 percent say they do have a privacy policy.

 

Even Though Most SMBs Have No Cybersecurity Policies/Plans, Many Say They’re Satisfied with their Online Safety Posture

• Eighty-six percent of SMBs say they are satisfied with the amount of security they provide to protect customer or employee data while six percent say they’re very or somewhat unsatisfied.
• Eighty-three percent of SMBs strongly or somewhat agree that they are doing enough or making enough investments to protect customer data (59); seven
percent strongly or somewhat disagree they aren’t doing enough.
• Seventy-seven percent of SMBs think their company is safe, 32 percent of which say very safe, from hackers, viruses, malware or a cyber-security breach given the measures they’ve have taken while four percent say they do not feel very safe at all.
• Forty-eight percent of SMB owners/operators say their company data is safer than it was a year ago while eight percent say it is less safer than a year ago.

 

Although Many SMBs Fail After a Data Breach, Nearly Half Say a Breach Would Have No Impact

• Forty-seven percent of SMB owners/operators believe if their business were to suffer a data breach, the occurrence would be viewed as an isolated incident and would have no impact.
• Eighteen percent of SMB owners/operators say they would not know if their computer network was compromised (i.e. infected with a virus, private
information stolen, etc.).
• Sixteen percent of SMB owners/operators say they’re concerned about an external threat such as a hacker or cyber-criminal stealing data while only two percent say they’re concerned about an internal threat such as an employee, ex-employee, or contractor/consultant stealing data – 66 percent say they’re concerned about neither.

 

SMBs Have Little or No Contingency Plans for Responding to Security Breaches, Incidents

• Fifty-nine percent of small business owners/operators say they do not have a contingency plan outlining procedures for responding and reporting a data breach loss such as: loss of customer or employee information; loss of credit or debit card information; or loss of intellectual property; 31 percent say they do have a contingency plan to handle such challenges.

 

IT Security/Management Rests Mainly on the Shoulders of SMB Owners/Operators

• Sixty-nine percent of small business websites are managed in-house while 29 percent of SMBs outsource the management of their website.
• One in ten (11 percent) SMB owners/operators say no one is responsible for online and cybersecurity at their business. At the same time, 66 percent say they are responsible for online and cyber safety at their establishment while nine percent rely on an IT savvy employee and eight percent use an outside IT consultant.

Leave a Reply

Your email address will not be published. Required fields are marked *