Small business owners are not doing enough to protect themselves from online threats

In a recent 2019 SMB Cyber Threat Study, 500 senior-level decision-makers were surveyed to determine how aware the businesses are of cybersecurity and the measures that are being taken to bolster it.

Long story short: small business owners tend to underestimate the online threats that are lurking online.

cyber crime pocket

The thinking that doesn’t match the reality

The shocking fact is that 2 out of 3 respondents don’t believe they can become cybercriminals’ prey, which is alarming enough on its own. Given the fact that the Ponemon Institute studies came to the conclusion that 67% of businesses sustained an attack in the last year, this is a good reason to be concerned.

As things stand right now, cybersecurity isn’t getting the attention it deserves. Cybercriminals, as it goes without saying, are more than happy to take advantage of this kind of mentality. The attention cybersecurity is getting in companies is not in line with the online threats that are out there. And that’s not even mentioning the frequency of cyber attacks aimed at businesses of all sorts.

The problem lies in the mindset

Thinking that something cannot possibly happen to you is a dangerous mindset to have. Misfortune doesn’t take sides – it can happen to anyone, particularly those who expose themselves to it by taking the lighthearted approach to cybersecurity. Education is key; adopting the correct mindset follows as a result.

In any case, there’s a difference in perspective when it comes to how long a company has remained in business. Interestingly enough, the companies that have remained in business for less than five years believe they’re much more likely to be targeted by cybercriminals than those that have been in business for ten years or more. 28% of respondents belonging to the former group believe a cyber attack is very likely. But the same can be said for only 6% of respondents belonging to the latter.

The short version is that 70% of important decision-makers in the 10+ years category don’t believe a cyber attack is likely to happen at all. A dangerous way of thinking, indeed.

Organizational awareness plays an important role as well

There is a reason why things are this way, and organizational awareness is a huge part of the equation. In fact, only 9% of the respondents believe that cybersecurity is the most important aspect of their business, while 18% ranked it as the least important (out of six different options).

On the positive side, reputation damage and business disruption are what the respondents see as the most prominent online threats to a business, which is exactly what happens if you let cybercriminals win.

Prevention is not emphasized enough

69% of respondents feel that passwords make them secure. It’s great to know that the best password practices are enforced by putting a firm policy in place. In fact, 75% of companies examined in this research encourage employees to change their passwords regularly. With that said, too little effort is being invested into having a cyber attack prevention plan in place. 25% of respondents don’t even have a clue where to begin.

So what can companies do to protect their data, employees, and users?

Every company is different, so much is true. But no matter what kind of business you’re running, you can’t go wrong by doing the following:

  • Education should be an ongoing process. Hackers are always adapting and finding new ways to breach your cyber defenses. So make sure to study up on the cybersecurity threat landscape enough to know how to protect yourself.
  • If you allow your employees to use their own devices, do the research necessary to find the best VPN for Android and require them to use it at all times. That way, hackers will have a much harder time snooping in on your conversations and stealing your sensitive company data.
  • Study compliance laws. These are constantly changing, so it’s best to assign this role to one of your employees if you can’t find the time. Or, better yet, hire a specialist.
  • Have a plan – always. While no one in their right mind would advise you to be paranoid, the fact of the matter is that breaches can happen despite your best efforts to prevent them. Having a solid plan in place allows you to spend your time acting rather than thinking as every step ahead of you is already outlined.
  • Avoid magical thinking and start observing the realistic threats that are happening in the corporate environment. Thinking that it can’t possibly happen to you and remaining ignorant is what can very well cost you to lose your hard-earned reputation and the trust of your customers.


Cybersecurity threats are a fact of life. Are you doing enough to protect your data, users, employees, and – ultimately – the reputation of your company?