Do you know the cost/benefit breakdown of the cybersecurity you have in place for your small business?
To be more precise, how much should you invest in cybersecurity protection in relation to your actual monetary risk? The findings of the new report from the Better Business Bureau, titled, “The State of Small Business Cybersecurity in North America” offers some hints.
The report was released as part of National Cybersecurity Awareness Month. And one of the more distressing data points regarding small businesses indicates half of them could only stay profitable for about a month after loosing critical data.
The BBB surveyed around 1,100 businesses in the U.S., Canada, and Mexico with 71.4, 28.5, and 0.1 percent of the respondents coming respectively from those countries.
How Much Are Small Businesses Losing?
According to the report, the annual average loss from cyber attacks is estimated at $79,841. The median loss came in at $2,000, with the maximum total loss at $1 million. This, of course, will vary greatly with the size of your company and the type of cyberattack you have sustained.
Still Bill Fanelli, CISSP, chief security officer for the Council of Better Business Bureaus and co-author of the report, emphasized the vulnerability of many small businesses. “Profitability is the ultimate test of risk. It’s alarming to think that half of small businesses could be at that much risk just a short time after a cybersecurity incident,” Fanelli said.
Do You Know How Much to Spend On Cybersecurity?
Fanelli still stresses small businesses must avoid going overboard. He explains “It doesn’t do any good for a small business to adopt a $10,000 solution if the potential risk reduction is only worth $5,000.”
With that in mind, the report used a formula created by two professors at the University of Maryland, Martin P. Loeb and Lawrence A. Gordon. Using this formula, a small business owner can calculate the best possible investment in prevention to safeguard their company from cybersecurity attacks.
The five step process begins by estimating the loss; estimating risks; identifying investments; estimating savings; and making the calculation. You can get details of the formula on the free download of the report here.
The report adds, “As long as the potential savings exceeds the cost of investment, then it is a cost-effective measure that should be implemented.”
Hacking Photo via Shutterstock
More in: Cybersecurity