The cyber security spotlight is shining on supply chains because, as the old saying goes, you’re only as strong as your weakest link. Criminals increasingly see small businesses as the weak link because larger businesses are dedicating more resources to cyber security and becoming more savvy about it.
A clear indication that cyber criminals are turning to smaller businesses as a result of big business’ increased cyber security awareness and capabilities is that 43% of cyber attacks target small businesses, up from 18% just a few years ago. [1]
The rate at which cyber attacks against small businesses grew last year is a staggering 424%. [5]
The costs of a cyber attack are significant, and it is likely that many small businesses will not survive an attack. On average, small/mid-sized businesses spent $955,429 USD to remediate after an attack, in addition to the average $879,582 stolen from the businesses. [2] The US National Cyber Security Alliance states that 60% of small businesses that suffer a cyber attack go out of business within half a year. [3] The first step in responding is figuring out how the attack happened. Unfortunately, this alone will require help that could cost as much as $15,000 USD. [4] Interestingly enough, the cost of getting back to business as usual far exceeds the actual amount of money taken in a cyber attack.
The good news is that once a small business has a clear picture of the strengths and weaknesses of its information security applications, systems and networks, remediating any weaknesses is far less costly than it is for larger organizations. It is, however, difficult for small businesses to find affordable services that provide a clear picture of their current situation and the actions required to remediate any weaknesses. Whilst larger organisations have their own information security resources to undertake the work, small businesses need to outsource.
The costs of assessment and reporting services, however, are often prohibitive, whereas, ironically, the fixes required are not necessarily so. InfoSecAssure is an affordable and easy-to-use tool that assesses, provides remediations and produces assurance reports for both clients and regulatory assessments. Businesses can perform a quick 25-question Health Check or can assess against specific regulations. For many small businesses a Health Check is likely all that is required. ISA will provide remediation actions for any weaknesses, and once the remediation actions are taken a small business can redo the assessment and provide its customers with a professional report assuring them that their intellectual property, customer credit or debit card information, financial information, employee records and business correspondence are secure.
It is not all doom and gloom, though, as this presents both opportunities and challenges for small businesses. We have described the challenges; however, there is a real **opportunity** to obtain new customers where their previous suppliers were not able to prove their cyber security/resilience. InfoSecAssure is ready to help you do just that.
At the helm of our privately owned, global RegTech firm are industry experts who understand that security controls should never get in the way of business growth. We empower companies large and small to remain resilient against potential threats with easily accessible software solutions for implementing information security governance, risk or compliance measures.
We don't just throw a bunch of standards at you and let you try and figure it out! We have designed a thoughtful way of helping all businesses consider, articulate and develop security controls that suit the needs of the organisation, and we provide clever reporting capability that allows insights and outcomes from security assessments to be leveraged by the business and shared with third parties.
Our platform places customers at the heart of our design process, while providing access to expert knowledge. With simple navigation and tangible results, we guarantee that all data is securely encrypted at rest and in transit with no exceptions – meeting international standards with annual security penetration testing and ISO 27001 Certification.