Each year, it seems like the frequency and severity of cyberattacks get worse. The average cost of a data breach in the United States was $8.19 million in 2019, an increase from $7.91 million in 2018, and today, there are more types of attacks to worry about. Despite this, many entrepreneurs and business owners (especially in small or new businesses) have no cybersecurity plan—and no interest in pursuing one, either.
So why is there such a severe lack of interest in a serious and impactful area?
First, many business owners falsely believe that higher security standards would be too complex to try and integrate. There are many levels of security one could consider, some of which are inherently more complex than others. For example, if you’re running a software development operation, proper container security scanning is a practical must. But for some businesses, even forcing your employees to choose strong passwords is a step in the right direction. It’s also important to understand that you don’t need to have all the technical knowledge or need to do all the work yourself; hiring an IT or security expert can help you identify and address your needs.
The Cost Factor
Another source of reluctance is cost. If a business owner could hire and retain a team of full-time IT experts to fully upgrade and maintain the security of their infrastructure for free, they would probably do it. But if it means paying tens or even hundreds of thousands of dollars per year, it’s out of the question. Even occasional consultations may be too much for a frugal business owner. The trouble here is that the cost of prevention is almost always lower than the cost of recovery; improving your data security is a kind of insurance policy, costing you a small amount of money along the way to spare you from a catastrophic loss.
“We’re Not a Target”
Some business owners don’t think much about their cybersecurity because they don’t believe themselves to be a target. They believe hackers and cybercriminals are eager to go after large corporations and/or wealthy individuals. But the reality is, nearly 60 percent of cyberattacks target small businesses. Why? Because those lucrative, high-value targets are investing heavily in cybersecurity, so they’re much harder to breach. Most cybercriminals are opportunists, not looking for the biggest opportunity, but instead the easiest one. Small businesses are often valuable enough to be worth targeting, but lax enough that they can be breached.
Lack of New Knowledge
Some business owners never step up their cybersecurity game because they aren’t in tune with the latest security standards. They may be using old devices and software, or may have never bothered to learn about the new ones in the business. They don’t understand the new types of attacks that cybercriminals are committing, or the types of targets that are now commonplace.
The problem tends to grow worse with time, thanks to a combination of confirmation bias and survivorship bias. Let’s say in 2015, a business owner dismisses a tech expert’s insistence that they upgrade their data security. Five years pass, and in 2020, they’re given another opportunity to upgrade. With old systems and vulnerable practices, the business has never come under attack—therefore the business owner is likely to believe that security upgrades are not necessary, or that they would be a waste. It’s like refusing to wear your seatbelt because you’ve never been in a car accident; car accidents may not be common, but they could happen to you anywhere, at any time, and it’s important to be prepared for one.
Taking Baby Steps
In many cases, the solution isn’t persuading a business owner to adopt a fully robust, comprehensive cybersecurity strategy, but to guide them in taking baby steps. Even small measures designed to increase security, like keeping your software up-to-date and forcing employees to change passwords regularly, can go a long way in preventing attacks. Again, most cybercriminals aren’t genius hackers; they’re opportunists, looking for easy vulnerabilities to exploit. If your business looks even slightly more difficult than average, they’re probably going to move onto another opportunity.
Data security remains one of the most important investments a company can make, and it’s only going to grow in importance as businesses rely more heavily on collecting and storing consumer data. If you’re currently a business owner without a data security plan, or any cybersecurity standards, this is the perfect time to consider your options, talk to an expert, and invest in an upgrade. And if you’re working for a business owner who refuses to take data security seriously, try to understand why they’re so resistant, and convince them that their perspective may be flawed.
Larry Alton is a professional blogger, writer, and researcher. A graduate of Iowa State University, he's now a full-time freelance writer and business consultant.Currently, Larry writes for Entrepreneur.com, Inc.com, and Forbes.com, among others. In addition to journalism, technical writing and in-depth research, he’s also active in his community and spends weekends volunteering with a local non-profit literacy organization and rock climbing. Follow him on Twitter (@LarryAlton3), at LinkedIn.com/in/larryalton, and on his website, LarryAlton.com. To read more of his reports — Click Here Now.
© 2021 Newsmax. All rights reserved.