How do you convince small businesses to invest in Cybersecurity?

We’ve all seen the media coverage of big data breaches, yet they keep happening.  Big data breaches have occurred at Target, Home Depot, the U.S. Office of Personnel Management, Anthem Insurance, Sony Pictures, and more.  Investment in information security just doesn’t seem to be as important as it should be to many organizations.  Of course, this type of expenditure doesn’t produce revenue.  It is almost like buying insurance: expensive and boring.  Compliance with regulations often drives cybersecurity expenditures, but organizations really need to think seriously about what a data breach means to their operations and reputation.

What do these breaches cost?  Maybe not enough for big business.  Target estimated that its data breach cost $191 million of gross expense in 2014.  According to Fortune, “Sony estimates its breach’s financial impact has been just $15 million to date ‘in investigation and remediation costs.’ That’s barely a blip on the radar.”

We know that enterprise IT departments all provide for some level of cybersecurity, but how much, and how much is enough?

Cybersecurity is getting more attention in some companies.  There is talk and activity about moving the infosec role out of the IT department and into general executive status, because cybersecurity is not all about technology.  It is about people, processes, compliance and technology.

Since big businesses are vulnerable given their big data stores and budgets, how vulnerable do you think small businesses are?  Why is that important?  Your lawyer or accountant is a small business.  You might bank at a credit union or small bank.  How do they protect your data (and do you really think they are protecting it)?  What would losing its clients’ financial information cost a small accounting firm in reputation?


How much do data breaches cost big companies? Shockingly little. (2015). Retrieved March 19, 2016, from