Life has never been easy for America’s nearly 32 million small businesses. According to the Small Business Administration, approximately 20% of small business startups fail in their first year, with half failing within five years. Larger companies have always had more capital, easier access to loans, and greater staying power.
Survival has recently become more difficult for two reasons, one obvious and one less so. The economic backdrop today is one of strong demand, short supply, and high inflation, and big businesses have largely held their own due to their heft, sophistication, and strong vendor ties. However, it has been a more difficult road for many small and medium-sized businesses, reflecting less supply chain purchasing power and less ability to raise wages.
This was somewhat predictable given the circumstances, but the second small business headache today – increased cybersecurity concerns – was not.
Because many SMBs have not taken cybersecurity seriously, they are being breached at a much higher rate. Small businesses, like large corporations, have accelerated their adoption of new digital technologies for remote work, production, and sales. However, despite the fact that their expanded computer networks have created new vulnerabilities for phishing and ransomware attacks, they have not committed to significant cybersecurity spending.
As an outcome, the risk of a cyber-attack for SMBs, which was already higher than the risk for large corporations, has risen dramatically in recent years. According to RiskRecon, a MasterCard unit that assesses companies’ cybersecurity risk, data breaches at small businesses worldwide increased by 152% between 2020 and 2021. This figure is twice as high as it was in larger companies during the same time period.
Furthermore, an IBM 2021 study found that 52 percent of small businesses had experienced a cyberattack in the previous year, a figure that is likely higher now because there are more cyber-attacks. Meanwhile, according to a recent survey conducted by UpCity, a Chicago-based business service provider, only half of U.S. small businesses have a cybersecurity plan in place for 2022. While this is a slight improvement over the past, it still means that half of the population lacks a plan, which is a significant issue.
Given today’s difficult circumstances, it’s not surprising that small businesses are more concerned with day-to-day survival. Nonetheless, long-term survival is unlikely without a credible cybersecurity program. After all, almost everything has gone digital. Today, all sensitive personal files are stored on a computer, and banks and credit card accounts, as well as the financial information of large and small businesses, are accessible online. It’s also important to remember that cybercriminals can be found both inside and outside of businesses.