U.S. Small Business Owners Need More Cybersecurity Safeguards

Eighty-three percent of small business owners allow and offer employees the option to work securely from a remote location when needed and appropriate, according to Nationwide’s fifth annual Business Owner Survey. With young business owners (those ranging from ages 18-34), this number jumps up to 95%.

Source: Nationwide | Published on August 9, 2019

AT&T data breach impacts 73 million

Yet, only 50% of small business owners have updated their remote work security policy in the past year. Failing to continually revise remote work policies in the growing digital workplace could put those business owners at higher risk of a cyberattack.

Though remote employees place business at risk, many small business owners are not properly mitigating other potential cyberthreats, nor are they adequately protecting their employee platforms. According to the Nationwide survey, only 4% of business owners have implemented all of the cybersecurity best practices and recommendations from the U.S. Small Business Administration. Further, one in five small business owners have not committed their employees to formal cybersecurity training, despite the reality that employees represent one of their largest threats.

“What may seem like a harmless public WiFi network could ultimately pose serious troubles for a business,” says Catherine Rudow, vice president of Cyber Insurance at Nationwide. “Many employees may not realize the magnitude of risk associated with a cyberattack as they may not have engaged in a formal training process. The scary truth is that many small business owners, even if they are aware of these risks, have not implemented all the proper measures of protection.”

Nationwide’s Business Owner Survey also found:

  • 65% of business owners admit they have been victim of a cyberattack; computer virus attacks are the top type of attack reported at 33%, phishing is number two at 29%
  • 86% of business owners believe that digital risk will continue to grow
  • 30% of companies with 11-50 employees do not provide any type of formal training on cybersecurity.
  • Despite the simplicity of regularly updating software, 7% of companies still fail to take that step.
  • Reputational risk is among the top reasons (45%) why business owners would consider investing in or purchasing a cybersecurity policy.
  • 35% of business owners who have never experienced a cyberattack are unaware of the financial cost to recover, highlighting a dangerous gap in knowledge from the implications.

Nationwide commissioned Edelman Intelligence to conduct an online survey between June 6-12, 2019, among a sample of 400 U.S. small business owners. Small business owners are defined as having between 11-500 employees, being 18 years or older and self-reporting as either a sole or partial owner of their business. The margin of error for this sample was +/-4.9% at the 95% confidence level. As a member of CASRO in good standing, Edelman Intelligence conducts all research in accordance with Market Research Standards and Guidelines.