Information Security Leadership Forum - Cybersecurity-apathy

Upcoming events

Certified ISO 27001 Lead Implementer - Information Security Management System (ISMS) Course (session 1 of 5)

Monday, May 13, 2024 8:30 AM

Live Online
Certified ISO 27001 Lead Implementer - Information Security Management System (ISMS) Course (session 2 of 5)

Tuesday, May 14, 2024 8:30 AM

Live Online
Certified ISO 27001 Lead Implementer - Information Security Management System (ISMS) Course (session 3 of 5)

Wednesday, May 15, 2024 8:30 AM

Live Online

Latest ISLF News

Information Security Program Benchmark Initiative Launch

Monday, March 18, 2024 1:00 PM

Timothy Phillips

A Community of Today and Tomorrow's Leaders

Back to list

Cybersecurity-apathy – Is Your Organization Infected?

Thursday, February 17, 2022 3:34 PM | Timothy Phillips (Administrator)

There’s Only Two Types of Companies

There’s an old adage that some people have and continue to share that says, there’s two types of companies;

Ones that have been hacked; and
Ones that have been hacked but don’t know it.

If this is true, which one is your organization?

Most business owners don’t think cybersecurity is an important part of their business operations. Why? Perhaps it’s because they believe their business is not big enough or important enough to be a target.

Cybersecurity-apathy can leave an organization vulnerable to hackers and other malicious actors.

Small Business – Big Target

In the US, many Data Consumer Protection laws either currently in place or wandering through various state legislatures have two things in common.

Number of record triggers; and
Revenue triggers

With over 80% of businesses in the US being small and medium sized companies, these triggers exempt most American businesses from compliance. Additionally, business owners are opposed implementing even the most basic cybersecurity controls because they believe they are too costly or too restrictive to business operations.

Hackers know small businesses are more likely to have weak or non-existent cybersecurity controls in place shown by the statistic that nearly half of all the cyber-attacks each of the last three years have targeted small businesses.

Small Business – Out of Business

In general, a small business is categorized by those that have fewer than 500 employees, with only few exceptions. Most Cybersecurity firms that generate yearly reports use this number.

The statistics of the impacts of cybersecurity incidents on small businesses are shocking:

The average cost of a data breach is $2.98 million
93% of data breaches are financially motivated
63% of Small Businesses report a data breach within the last 12 months
41% of Small Businesses report poor security awareness of their employees

These are sobering, but the most sobering fact regarding Cybersecurity-apathy is that over 60% of Small Businesses that experience a cyber attack are out of business within 6 months.

Updating the Adage

Year after year, there is little change in the statistics of small business and cyber security. Perhaps it’s time to update the saying. Instead of there being two types of companies, there are four:

Those that have been hacked
Those that don’t know they’ve been hacked
Those too apathetic or cheap to prevent being hacked
Those that a hack put out of business

Questions for You!

What are your thoughts on this article?

Do you see this in your world or around you?

Have you been able to successfully address this issue in your organization, and if so, how to you do it?

If you have thoughts on any of these questions or other relevant and related ones, please leave a comment in the comment section below. Please note to keep our environment clean and free of advertisments of any kind, comments may not include external links, citing company names to promote them, or the like.

Scann ing, Reading or Otherwise Accessing this Website by Any Artificial Intelligence (AI) Engine, or any Application Connected to, or Using Any AI Engine is Expressly Prohibited.