Majority of Small Businesses Believe They are a Target of Cybercriminals, Survey Finds



If you think your small business is at risk of a cyberattack, you’re not paranoid – you’re smartly cautious,  posits Victory State Bank.

Staten Island’s only community-based commercial bank suggests businessowners remain on guard against cyber intrusions. A recently released (Oct. 23, 2019) survey by the National Cyber Security Alliance (NCSA) found that an overwhelming majority of small businesses believe that they are a target of cybercriminals, highlighting the growing awareness among this group about the threat of a cyberattack. The Zogby Analytics survey – which was commissioned by NCSA and polled 1,006 small business decision makers – revealed that 88 percent of smaller-sized organizations  believe that they are at least a "somewhat likely" target for cybercriminals, including almost half (46%) who believe they are a "very likely" target.

Released during National Cybersecurity Awareness Month (NCSAM), the survey showed that with small businesses more aware of a data breach threat, many are responding with strong cybersecurity measures. Almost half (46%) of surveyed businesses feel "very prepared" to respond quickly and appropriately to limit the impact of a data breach or cybersecurity incident, were they to happen today. More than half (58%) say they have a response plan that they can immediately put into action while 36 percent say they would be able to fully operate without computers following a breach. The full survey results can be viewed here:

"Cybersecurity remains a serious threat for businesses and consumers alike, so it is encouraging to see more businesses educating themselves about cybersecurity," said Daniel Eliot, NCSA's director of education & strategic initiatives. "As a result, they are learning that they are not immune to attacks – as many small businesses once believed – and are learning to better protect themselves and their most important assets."

Despite small businesses' increased knowledge about cybersecurity, devastating data breaches are not unheard of. More than a quarter (28%) of survey respondents have experienced an official data breach within the past 12 months. As a result, 37 percent of those suffered a financial loss, 25 percent filed for bankruptcy and 10 percent went out of business.

Other survey highlights include:

  • Larger companies are better prepared for a cyber breach – 73 percent of businesses with 251-500 employees have a response plan that they can immediately put into action and 44 percent would be able to fully operate without computers (for companies with 1-10 employees the respective numbers are 37% and 26%).
  • 51 percent of small business decision makers believes that smartphones pose just as much cyber risk to their organization as computers do, while an additional third (31%) believe they pose more risk.
  • 63 percent have a clearly articulated process for employees to report potential cyberthreats to leadership, and 73 percent have a clearly articulated business process that outlines how employees should securely dispose of equipment and data.
  • 41 percent of businesses back up their business data on a daily basis while almost a quarter (21%) do it multiple times per day.

The National Cyber Security Alliance encourages all businesses to implement a cybersecurity program based on the National Institute of Standards and Technology Cybersecurity Framework:

  • Identify and understand which business assets ("digital crown jewels") others want
  • Learn how to protect those assets
  • Detect when something has gone wrong
  • Respond quickly to minimize impact and implement an action plan
  • Learn what resources are needed to recover after a breach

The Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security, which co-leads NCSAM with NCSA, is conducting a survey on cybersecurity issues in the small and mid-sized business (SMB) community and welcomes organizations' participation. The survey focuses on companies' awareness and use of the NIST Cybersecurity Framework. The voluntary survey addresses companies' familiarity with the Framework, their perceptions regarding potential barriers to using the Framework, their concerns related to cybersecurity, as well as how those concerns rank relative to other business priorities. It also seeks companies' suggestions for strengthening the overall cybersecurity posture of SMBs.

To access the survey, please visit The survey should only take 30 minutes. Questions marked with an asterisk (*) are required. The survey can only be taken survey once, but responses can be edited until the survey is closed on November 11.