Washington (PRESS RELEASE – December 1, 2010) – Small business owners increasingly believe investments in cybersecurity are not justified by actual online threats and the majority of cybercrime is focused on attacking large companies, found a new study sponsored by Visa Inc. and the National Cyber Security Alliance (NCSA).
Nearly 50 percent of all small business owners believe the high cost in time and money to fully secure their business is not justified by the threat. This attitude is manifested in practice as 75 percent of owners said their employees have received less than three hours of network and mobile device security training in the past year, with 47 percent saying their employees received zero hours of training.
“The greatest threat to a company’s cybersecurity is complacency,” said Michael Kaiser, executive director of the NCSA. “We encourage small business owners to take the necessary precautions to protect their customers, employees and their businesses.”
According to the survey, more than 85 percent of small business owners believe that they are less of a cybercrime target than large companies, and 54 percent believe they are more prepared to secure sensitive customer and corporate data than large businesses. In addition, 84 percent agree that they have the policies and procedures in place for keeping data and computer systems secure.
The findings are surprising in light of growing concern from security experts and law enforcement that hackers and cyber criminals are honing in on small businesses as their new targets. Last month, Ukraine authorities arrested five individuals who allegedly stole $70 million from U.S. bank accounts in an elaborate scheme targeted at U.S. small and medium-sized businesses.
“Cybersecurity investments are critical to protecting a company’s brand and reputation,” said Rosetta Jones, head of public affairs for Visa. “We are focused on partnering with small businesses to ensure that they fully understand the business benefits of running a cyber-secure operation.”
According to Jones, small business owners can take an important step toward better security, in a matter of moments, by making sure their payment system software is not working against them. The PCI SSC maintains a list of payment applications that have been validated as complying with the Payment Application Data Security Standards (PA-DSS). Validated software applications use secure coding procedures to guard against common attack methods and prevent the retention of prohibited data.
The study was an online poll of 1,000 small business owners conducted by Zogby-463.
About The National Cyber Security Alliance
The National Cyber Security Alliance is a nonprofit organization. Through collaboration with the government, corporate, non-profit and academic sectors, the mission of the NCSA is to empower a digital citizenry to use the Internet securely and safely protecting themselves and the technology they use and the digital assets we all share. NCSA works to create a culture of cyber security and safety through education and awareness activities.
About Visa Inc.
Visa Inc. is a global payments technology company that connects consumers, businesses, financial institutions and governments in more than 200 countries and territories to fast, secure and reliable digital currency. Underpinning digital currency is one of the world’s most advanced processing networks—VisaNet—that is capable of handling more than 20,000 transaction messages a second, with fraud protection for consumers and guaranteed payment for merchants. Visa is not a bank and does not issue cards, extend credit or set rates and fees for consumers. Visa’s innovations, however, enable its financial institution customers to offer consumers more choices: pay now with debit, ahead of time with prepaid or later with credit products.