The National Association of Women Business Owners (NAWBO) last week announced the results from their Annual Membership Survey. The organization has over 5000 women within 60 chapters across the United States. The National Association of Development Companies (NADCO) served as a partner on the survey.
Within the results, I was shocked to see almost 50 percent of the women business owners said they had made no preparations to prevent or prepare for a cybersecurity incident. Although security threats and breaches have been increasing steadily over the last few years, it seems that almost half of women business owners remain unconcerned about the potential risks of the threats. This amount is extremely high for the potential risk to the company that business owners face. (Side note: Since the survey only focused on women business owners, I can't compare/contrast the findings for women vs. those of men-owned businesses.)
Women Business Owners and Cybersecurity: Potential Disconnects
I looked to the survey results more closely to try and understand the cybersecurity disconnect and found some interesting discoveries.
1. Business is too small
One reason could be that they feel their company is too small for hackers to come after. According to the survey, 32 percent are planning on hiring more staff in 2017. They feel protected from targeted attacks because of their size. If the attackers don't know they exist, then they are less likely to come after them. What they may not realize, however, is most security threats are not targeted attacks. In these situations, size does not matter and data could be compromised within any company. Employees are usually the weakest link in security, and the breaches will likely come from within either intentionally or unintentionally through a virus or phishing attack.
2. Cost prohibitive
Another reason women business owners may seem unconcerned about a cybersecurity threat is that it seems cost prohibitive to them. The survey results show that over two-thirds of women-owned businesses are funded through a bank loan or line of credit. Hiring an expert to protect a business from threats can be expensive. Many business owners are unable to see the potential return on investment to protect themselves, making it difficult for them to spend the necessary money to help ensure their data is secured. (Hence, the potential need for MSSPs and outsourced cybersecurity services.)
3. No time to dedicate
Within the survey, it is also shown that most women business owners are already working 40 hours to 60 hours a week. Especially within a small business, owners and employees are already wearing several hats and performing tasks outside of their job description. It would stand to reason that in these situations they also lack the time to train employees on cybersecurity threats and mitigation or to even create a company security policy for employees to follow.
4. Complacency
Lastly, I believe that many women business owners are simply too complacent to worry about cybersecurity. The survey shows that 60 percent have no interest in public service. They are complacent with the laws and regulations that are already in place and don't see a need for change. This can be translated into also believing that they have not yet experienced a security threat, and feel that they will continue to be safe by doing exactly what they are already doing.
With our current cybersecurity environment, I would love to see the number significantly decrease next year as more women business owners take the threat posed by cybersecurity seriously.
Sarah Kimmel is a former MSP help desk manager. She blogs about IT management, mobile and security issues for ChannelE2E and MSSP Alert.