Dispelling 5 Myths around Cybersecurity for Small Businesses
Data and technology have become central to the business in most companies, including small firms, particularly since the Covid pandemic, which has forced many towards an accelerated digital transformation or a complete re-invention.
Cyber threats are more active than ever, with firms – large and small – falling victim to indiscriminate cyber-attacks on a continuous basis: this is increasingly being seen as a matter of WHEN, not IF for most industry sectors.
In addition, regulations have been tightening world-wide around personal data (GDPR, CCPA and many others), fines are growing, and regulators have been targeting all firms irrespective of size.
All this is changing the context in which small businesses need to approach cybersecurity.
Still, in small and mid-size businesses, the main roadblock is often a lack of understanding of what needs to be done around security and privacy to ensure sufficient protection, and how priorities must be set in the current climate in support of the digital, remote and cloud-based enterprise.
At best, it leads to putting in place isolated and disjointed protective measures.
At worst, senior stakeholders simply don’t know where to start and some technical illiteracy gives way to misconceptions, which – in turn – deprioritise action around security in spite of legitimate and growing concerns.
Time to dispel a few of those myths to help small businesses move forward.
Myth #1 – Security measures are an annoyance; they create friction and turn customers away
This is less and less the case, as people get hacked and learn the hard way the need for stronger security.
Ruthless data monetization, personalization or aggressive data surveillance – on the other hand – are increasingly a source of ethical concerns with customers and staff, in particular amongst younger generations.
Myth #2 – We have other priorities; it will divert resources away from essential activities
In fact, security issues are most likely to turn customers away in the current climate.
Maintaining good security levels is an essential activity and may generate sales if you turn it into a competitive advantage and weave it into your USP.
Myth #3 – We can’t afford it; it’s too expensive for us
Basic measures don’t have to be very complicated or expensive and will go a long way to provide a degree of protection.
Incidents – on the other hand – are expensive to deal with, and retrofitting security and privacy measures under duress after something has happened will be painful.
Cyber insurance is also getting more and more expensive, and less and less reliable due to the accumulation of exclusions.
Myth #4 – It won’t happen to us because we are too small
This is now practically baseless. Cyber-attacks and data breaches are constantly in the news. Cyber threats are more virulent than ever and evidence abounds that they target all firms irrespective of size.
Myth #5 – It’s not really our problem because we are “in the Cloud”
You remain responsible for the security of your data and liable to your clients in case of a data breach. In addition, make sure you have read the “small print”: the contract with your Cloud provider is likely to be shamelessly one-sided (in their favour).
The key for small businesses, their owners and their leaders is to move away from those ready-made excuses and own the topic as an integral part of the environment in which they trade, not something alien to it.
Beyond loss avoidance and business stability, good security and privacy practices build digital trust.
They support valuations and reduce risk and regulatory or legal friction.
As the reflection of good business ethics, they can be turned into a competitive advantage to attract talent, retain customers and become a key ingredient to your mid to long-term “secret sauce”.
An edited version of this article was originally published on Forbes on 6th April 2023.