The Small Business Cybersecurity Knowledge Gap

Morgan O'Rourke


September 3, 2019

Findings CybersecurityDespite 65% admitting they have been the victim of a cyberattack and 86% believing digital risk will increase, only 4% of small business owners have implemented all of the U.S. Small Business Administration’s cybersecurity best practices, according to a survey by Nationwide. These include: establishing security practices and policies to protect sensitive information; educating employees about cyberthreats and holding them accountable; requiring them to use strong passwords and change them often; employing best practices for payment cards; backing up important business data and information; creating a mobile device action plan; and protecting all pages on public-facing websites.

In fact, one in five small business owners do not provide employees with any formal cybersecurity training at all. Further, 83% percent of all small business owners and 95% of young business owners (from 18 to 34 years of age) offer employees the option to work remotely, which often increases their susceptibility to cyberrisk, but only 50% have updated their remote work security policy in the past year.

Morgan O’Rourke is editor in chief of Risk Management and director of publications for the Risk & Insurance Management Society, Inc. (RIMS)