Helen Patton, a cybersecurity expert with Cisco, says cyber-attacks on small businesses are costly, but manageable
MANSFIELD, Ohio – When a small business suffers a cyber-attack, the average loss is $25,000. But the range is anywhere from $826 to $653,000, according to a cybersecurity expert who spoke at The Ohio State University at Mansfield in December.
Helen Patton, a strategic cybersecurity advisor at Cisco, was the third and final expert to speak during a speaker series on cybersecurity organized by Ohio State Mansfield, the Richland Area Chamber & Economic Development, and ES Consulting.
She said the cost to small businesses is concerning, not only in dollars but also in the amount of time a small business is down.
Although many small businesses attribute cyber-attacks to “human error,” Patton said the real error is often not being prepared. Data shows that only 14% of small businesses have a cybersecurity plan.
“When someone tells you that an incident is being caused by human error, they’re usually being lazy,” she said. “Cyber loss is a process problem, it’s a system problem, it’s a ‘you’ve got a fragile business problem.’ It’s not a human error problem; it’s the business owner’s problem.”
The challenge for small businesses is that they’re often under-resourced when it comes to cybersecurity, working with smaller budgets and smaller staff than larger companies.
Resources Available
But Patton said there are numerous public and private resources that can help safeguard small businesses.
First, she recommends that small business owners invest in cybersecurity insurance.
There are two different kinds of cyber insurance: first-party and third-party. First-party coverage protects internal data and systems. Third-party coverage protects against liability claims from disgruntled customers, partners, suppliers, etc.
She said small business owners need both types of insurance. They also need to implement a cybersecurity plan, and test it regularly to be sure it’s doing what is intended.
Here are some public and private resources available:
Private sector resources:
- Global Cybersecurity Alliance Small Business Toolkit
  https://gcatoolkit.org/smallbusiness/
- National Cybersecurity Society
  https://nationalcybersecuritysociety.org/
- Cyber Readiness Institute
  https://cyberreadinessinstitute.org/about
- Hiring an experienced managed service provider (MSP) or managed security provider (MSSP) who is familiar with cyber-attacks and your industry
Federal Resources:
- CISA (Region 5) Small Business Guidance
  https://www.cisa.gov/cyber-guidance-small-businesses
- FCC Cybersecurity for Small Business
  https://www.fcc.gov/communications-business-opportunities/cybersecurity-small-businesses
- NIST Small Business Cybersecurity Corner
  https://www.nist.gov/itl/smallbusinesscyber
Ohio resources:
- Ohio Secretary of State
  https://www.ohiosos.gov/globalassets/publications/busserv/cybersecurity_01-2024_web.pdf
- CyberOhio
  https://cyber.ohio.gov/
- Ohio Cyber Range Institute
  https://www.ohiocyberrangeinstitute.org/
- Ohio Department of Homeland Security
  https://homelandsecurity.ohio.gov/our-programs/ohio-cyber-program