Improving cybersecurity offers no opportunity to small businesses - 15 Dangerous Cybersecurity Myths - Day 12

Hello there. Did you know that small businesses are extremely vulnerable to attack from cybercriminals right now and that most don't survive for more than six months after a cyber incident?

John Byrne here, entrepreneur, insurance professional, online educator, and founder of Surviving Cyber. My goal is to help small business owners and managers like you get to grips with this complex subject of cyber risk.

15 Dangerous Cybersecurity Myths

You may be struggling now, to clearly see the big picture but once you separate the myth from the truth, you can begin to significantly reduce your risk over the next 15 days through this series, I'm going to walk you through "15 Dangerous Cybersecurity Myths You Probably Believe". I'll explain the thinking behind each myth, why it's dangerous to believe it, and the truth you need to hear so that your small business can stay safe.

Now, before we dive in, I want to give you access to my free cyber resilience workshop. It's a 60-minute video workshop that will show you how to create your first survival plan for your small business in 30 days. It's full of practical tips that you can implement. If you don't already have access, use the link to register now.

Myth Number 12 - Improving cybersecurity offers no opportunity to small businesses.

Now, today, as we continue the series, we're going to explore myth number twelve: "Improving cybersecurity offers no opportunity to small businesses”. I hope you're ready to dive in. I'm John Byrne, and this is "15 Dangerous Cybersecurity Myths You Probably Believe".

Let's explore the thinking behind the myth that improving cybersecurity offers no opportunity to small businesses.

  • The first point I often hear from small businesses is that cybersecurity is just another problem. Small business owners and managers say “I have more than enough problems already and I don't want to tackle it. I'd rather let sleeping dogs lie”. Now, it’s very understandable why they might think like this. Cybersecurity can be a complex issue and it's often seen as a problem. This is a mindset issue, where digitization and the resulting cyber risk is seen only as a problem, and it may be pushed away and not addressed. This one-sided view of only the problem rather than opportunity is very prevalent.

  •  The second view I often hear expressed is: “this problem is getting worse as time passes and as digitization continues. I might need to make significant changes to my business model if I tackle this issue.” Now, this is a development of the initial thought the initial thoughts said it's a problem. The second thought is that cyber risk is a problem that's getting worse. So, if I don't want to address it now, I will want to address it less in the future. The business owner realizes now that the business model might have to change, and this could involve a lot of work, a lot of expense and a lot of time. This is the thinking that develops from regarding cybersecurity as a problem.
  •  And a third point I often hear is: “I just can't see any upside here. I don't see the potential for things to get better for me if I tackle this problem. I just see more regulations, like GDPR,  more costs and increasingly complicated problems in the future. So, where's my incentive to act, other than the obvious incentive of regulatory sanction, If I'm found to have breached GDPR?” So, the thinking here is: “this is a problem, it's getting worse, I really don't want to tackle it and I don't see that I have much incentive to tackle this problem”. This is a mindset that sees digitization and cyber risk as a growing problem and doesn't see any opportunity.

A Dangerous Myth

So why is it dangerous to believe the myth that "Improving cybersecurity offers no opportunity to small businesses?”

The myth is dangerous because it's demonstrating a scarcity mindset that sees only problems and fails completely to see the potential upside that digitization offers to small businesses. Specifically, it fails to see the commercial advantage of becoming a cyber-resilient business; and a cyber resilience small business at that. It requires the adoption of a growth mindset to begin to see the opportunity that arises from several sources, which we'll discuss next.

Truth Number 12 - the potential upside for addressing cybersecurity in your small business is significant.  

So, let's look at the truth behind this myth, which is that the potential upside for addressing cybersecurity in your small business is significant.  

  • Rather than see digital change as a problem, a growth mindset recognises that there is a significant opportunity available to my small business if I address the problem. The opportunity comes from the digital change that has radically changed the business environment for all companies, and especially for small companies. Digital change brings both opportunity and challenge and not engaging really isn't an option for companies that want to have a healthy digital business.

A growth mindset accepts that the world has changed dramatically in the last five years, and that digitization is not going to slow down at any point in the near future. It also realises that we must be able to compete going forward and that means addressing cybersecurity in all small businesses. However, if it is addressed and you create a cyber-resilient business, new opportunities arise. 

  • The second point is that the pace of change has dramatically quickened since COVID-19 struck in early 2020. The world changed in a dramatic way and immediate changes were required for small businesses, just to keep trading and to survive in the short term. There was no time for adequate planning and especially for adequate consideration of the cybersecurity needed for the increased risk resulting from working from home. However, as I write this article at the end of 2021, the excuses of urgency and inadequate time to prepare have become invalid, even for small companies. All businesses should now review their cyber risk position to ensure that they're satisfied with their cybersecurity for the hybrid work environment.  

  • And finally, the importance of creating trust in your business cannot be overemphasized. Becoming a cyber-resilient business creates trust with all of your stakeholders; your customers, your employees, your suppliers and your regulators (if you're a regulated company). Small businesses can become a favourite trading partner of larger companies because those larger companies will have higher demands for cybersecurity of all companies in their supply chain. As I've mentioned in previous articles in this series, the pressure, from large companies, will increase over time on small companies to be able to evidence the state of their cyber posture. 
Also, formal regulation of cybersecurity standards could well be introduced in the future as a development an ongoing trend toward increasing standards in this area. It's not beyond the bounds of possibility that E.U. governments could introduce formal regulation around cybersecurity, similar to the approach of GDPR. So, the opportunity to be a cyber-resilient small business, and to benefit from that status, will only grow in the future.

Free Cyber Resilience Workshop

Thanks so much for reading today's post. I hope you found it helpful in exploding this myth and revealing the truth. Don't forget to register for the video workshop using the link I hope to see you tomorrow as we dive deeper into "15 Dangerous Cybersecurity Myths You Probably Believe" so we can uncover the truth of how to keep your small business safe.