The Small Business Administration (SBA) and the Cybersecurity and Infrastructure Security Agency (CISA) have been recognizing Cybersecurity Awareness Month for 21 years, yet we still have a lot to learn and implement to stay secure from cybersecurity threats. Wherever there is technology, there needs to be cybersecurity. The ongoing theme for Cybersecurity Month is Secure Our World, highlighting the importance of taking routine action to reduce risks when online and connected digitally. CISA and SBA share a mission of helping small business owners navigate and overcome the increasingly dangerous cybersecurity waters.

A great start for entrepreneurs to become digitally secure is to follow the four commonly shared tips: create and use strong passwords; always use multifactor authentication (when possible); be aware and report phishing; and always keep your software updated. These four simple steps can save you and your business from devastation.

Allen Thomas, SBA

Credit: Handout

icon to expand image

Credit: Handout

Julius Gamble, CISA

Credit: Handout

icon to expand image

Credit: Handout

Entrepreneurs must stay vigilant in the face of evolving cybersecurity threats. By adopting a proactive approach to cybersecurity, entrepreneurs can protect their businesses, customers and their bottom line from the growing wave of cyber threats. Many trainings and details are available through cisa.gov on how to best secure your individual world.

According to the National Cyber Security Alliance, 60% of small businesses that experience a cyberattack go out of business within six months. Cyberattacks cost each American entrepreneur $8,000 annually in 2023. Please note this is the average cost — some costs are higher, and some are lower, but the attacks are costly, and the numbers speak for themselves.

According to a report by IBM and the Ponemon Institute, the average data breach cost for small businesses with less than 500 employees is $2.98 million and the average cost of each breached record is $164.00.

Factors that drive the cost of data breaches include paying ransoms and paying for credit monitoring. Depending on the source of the breach, hardware and software might need to be upgraded to remediate the problem. Additional contributing factors that add to cost are:

  • Complexity of remediation and ensuring that the threat has been removed;
  • Potential direct theft as happens during business email compromise attacks;
  • Cost of downtime related to an incident (can sometimes be measured in minutes);
  • Notification of victims (theft of personally identifying information);
  • Reputational damage and loss of trust.

Cybersecurity incidents can paralyze a business and destroy customer trust, and recovering from these attacks is expensive. According to the U.S. Chamber, a majority (60%) of small businesses say cybersecurity threats, including phishing, malware and ransomware, are a top concern.

CISA and the SBA offer a wealth of free resources, including tabletop exercises and incident response plan templates, to help small businesses prepare for potential cyber threats. Business owners are encouraged to use these tools to strengthen their defense. Entrepreneurial tools are available at the SBA and CISA websites.

Implementing cybersecurity does not have to be costly for small business owners. Many basic steps, such as creating a cybersecurity culture within an organization and designating a specific person for security responsibilities, can be done with minimal investment. Keeping your small business safe from cybersecurity attacks needs to remain a priority for every entrepreneur — regardless of where they fall in the small business life cycle. The threats are real.

Allen Thomas is a regional administrator for the U.S. Small Business Administration. Julius Gamble is a regional director for Region 4 of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency.