The Senate Small Business Committee heard from a panel of experts Wednesday on how cybersecurity impacts small businesses and the potential dangers to these companies, which are unlikely to have the same security protocols as large corporations.
Small businesses have gained many useful tools as the current digital era brought about technologies that have radically changed society. The technological innovations have allowed for a more convenient way to complete tasks and share information, but with that, there have been new threats which pose devastating consequences.
The International Data Corporation found businesses worldwide are expected to spend $101.6 billion on cybersecurity software in 2020. More people are sharing information online, making cybersecurity an ever-increasing necessity. Online banking and other services make tasks easier for businesses, but also expose their private information.
“These issues represent an existential threat to some small businesses as firms could go bankrupt from the costs responding to a cyber attack, or from the lost revenue and costumers resulting from a business disruption,” Daniel Castro, the vice president of the Information Technology & Innovation Foundation, said during the hearing. “Moreover, these attacks are a drain on the economy, costing between $57 and $109 billion in 2016.”
The Better Business Bureau released a report last year which found that roughly 36 percent of the businesses that reported being a target of a cyber attack ended up losing money. The overall annual loss for smaller businesses was estimated to be $79,841 on average.
“Many businesses continue to think that they are too small to be the target of a cyber attack,” Russell Schrader, the executive director of the National Cyber Security Alliance, said. “These businesses lack the technology, resources, finances, and legal knowledge that they need to protect themselves.”
The National Cyber Security Alliance is a nonprofit that works with public-private partnership on cybersecurity and privacy education. It has training and educational workshops to help inform people and organizations on how best to combat cyber threats.
“Small businesses face significant cybersecurity threats,” Castro said. “Most small businesses are concerned about cybersecurity, but they aren’t doing enough to protect themselves against these threats. One recent survey found that a third of small businesses aren’t taking any practical steps to protect against cyber threats and half don’t have a cybersecurity budget.”
The Small Business Administration (SBA) already has programs to help small businesses fight back against cyber threats. Castro argues the agency should do more to educate and provide resources like setting up a cost-sharing cooperative, low-cost training sessions focused on current and emerging threats, and improved online tools.
“We believe that cybersecurity is an economic and security issue that is best addressed through cooperation between private and public partnerships with industry, government, and consumers,” said Russell Schrader. “We bring together stakeholders to talk about cutting-edge issues to execute hands-on, effective, broad-based education programs.”
The SBA isn’t alone. Other federal agencies are already working to help small businesses protect themselves. The Federal Communications Commission works with other government agencies and private groups to provide resources to small businesses and improve policies. The Department of Homeland Security releases research and tips intended to inform small businesses on how to better protect themselves.
Cybersecurity is also a major issue for large corporations and major financial institutions. The financial sector is a huge aspect of the economy as a whole. The New York Stock Exchange alone can trade tens of billions of dollars on a daily basis. Small breaches are attempted all the time, but a massive attack could have major repercussions for the entire economy.
The federal government also takes great care to secure its information from cyber attacks, but there have been issues. The Government Accountability Office (GAO) released a report which found that federal agencies could improve cybersecurity was revamping hiring guidelines to gain needed talent.