How small businesses approach risk mitigation and response

CSID released the findings of a survey recently conducted for small businesses (under 10 employees) to determine sentiment and concerns from small business owners around cyber security and how this population is approaching risk mitigation and response.

Most small businesses are worried about cyber attacks (58%) with financial damage (23%), disruption of service to customers (21%) and customers’ information being stolen (21%) reported as the three biggest concerns. However, 51% are not currently allocating any budget to cyber attack mitigation.

53% of small businesses reported that they do not store valuable data, yet 68% of respondents store email addresses, 65% store phone numbers, 54% store billing addresses, and 49% store home addresses. This indicates a lack of awareness around the value of the information they are storing.

Only 36% of small businesses feel they rank “above average” in data breach preparedness. Yet, more than three-fourths of the businesses (76%) that rate their preparedness to handle a data breach at “average” or worse aren’t allocating any budget to cyber attack risk mitigation.

While less than a quarter (24%) of small businesses feel well prepared to handle cyber attacks, nearly a third (31%) are not taking any measures to prepare for such attacks. The same amount (31%) reported that they monitor business credit reports and only 38% upgrade their software solutions regularly.