Small businesses do not see themselves as cybercrime targets

Nov 23, 2010 12:04pm

By Michael Kaiser, NCSA Executive Director

Today, NCSA and VISA announced the results of a survey of 1,000 American small businesses. The results are eye opening. Nearly 50 percent of all small business owners believe the high cost in time and money to fully secure their business is not justified by the threat. This attitude is manifested in practice as 75 percent of owners said their employees have received less than three hours of network and mobile device security training in the past year, with 47 percent saying their employees received zero hours of training.

According to the survey, more than 85 percent of small business owners believe that they are less of a cybercrime target than large companies, and 54 percent believe they are more prepared to secure sensitive customer and corporate data than large businesses.  In addition, 84 percent agree that they have the policies and procedures in place for keeping data and computer systems secure.

The findings are surprising in light of growing concern from security experts and law enforcement that hackers and cyber criminals are honing in on small businesses as their new targets. Last month, Ukraine authorities arrested five individuals who allegedly stole $70 million from U.S. bank accounts in an elaborate scheme targeted at U.S. small and medium-sized businesses. Brian Krebs, in his blog, has documented numerous cases of cybercrime directed at SMB's.

"Cybersecurity investments are critical to protecting a company's brand and reputation," said Rosetta Jones, head of public affairs for Visa and an NCSA Board member.  "We are focused on partnering with small businesses to ensure that they fully understand the business benefits of running a cyber secure operation."  

Small businesses can find basic help online at as well as more detailed guidance at Visa's cardholder data security site,, or at the Payment Card Industry Security Standards Council's (PCI SSC) small business site, The U.S. Chamber of Commerce also recently released its Internet Security Essentials for Business a guide of best practices in cyber.

According to Jones, small business owners can take an important step toward better security, in a matter of moments, by making sure their payment system software is not working against them.  The PCI SSC maintains a list of payment applications that have been validated as complying with the Payment Application Data Security Standards (PA-DSS).  Validated software applications use secure coding procedures to guard against common attack methods and prevent the retention of prohibited data.

The study was an online poll of 1,000 small business owners conducted by Zogby-463.