Cybersecurity 80% of U.S. small businesses have no cyber security policies in place

Published 25 October 2011

The majority of small business owners believe Internet security is critical to their success and that their companies are safe from ever increasing cyber security threats even as many fail to take fundamental precautions, according to a new survey of U.S. small businesses

The majority of small business owners believe Internet security is critical to their success and that their companies are safe from ever increasing cyber security threats even as many fail to take fundamental precautions, according to a new survey of U.S. small businesses sponsored by Symantec and the National Cyber Security Alliance (NCSA) and conducted by Zogby International.

A National Cyber Security Alliance release reports that the survey found that two-thirds (67 percent) of U.S. small businesses have become more dependent on the Internet in the last year and 66 percent are dependent on the network for their day-to-day operations. What is more, 57 percent of firms say that a loss of Internet access for forty-eight hours would be disruptive to their business and 38 percent said it would be “extremely disruptive” and 76 percent say that most of their employees use the Internet daily.

The vast majority of small business owners think their company is cyber-secure as 85 percent of respondents said their company is safe from hackers, viruses, malware or a cyber-security breach and seven in ten (69 percent) believe Internet security critical to their business’s success. Additionally, a majority (57 percent) of small businesses believe that having a strong cyber security and online safety posture is good for their company’s brand.

Yet a closer look reveals that most small businesses lack sufficient cyber security policies and training. Seventy-seven percent said they do not have a formal written Internet security policy for employees and of those, 49 percent reported that they do not even have an informal policy. More small business owners also said they do not provide Internet safety training to their employees than said they do — to a tune of 45 versus 37 percent. A majority of businesses (56 percent) do not have Internet usage policies that clarify what websites and web services employees can use and only 52 percent have a plan in place for keeping their business cyber-secure.

At the same time, small businesses may not understand how to respond to online threats or the danger they pose. 

For example, 40 percent of small businesses say that if their business suffered a data breach or loss of customer or employee information, credit card information or intellectual property, their business does not have a contingency plan outlining procedures for responding and reporting it.  Two-fifths (43 percent) also say they do not let their customers and partners/suppliers know what they