Earlier in October, Travelers Insurance took a poll of women business owners at the National Association of Women Business Owners annual conference. While the poll looked at a number of issues that face small business owners in general, two results jumped out at me.
First, nearly a third of the 307 respondents admitted that they don’t feel prepared to respond if their business falls victim to a cyberattack. Second, more than half have no plan in place in case of a disaster, natural or cyber. As we come to the one-year anniversary of Hurricane Sandy and remember the number of outages and the amount of data lost or taken offline because of the storm, I find it hard to believe that the majority of women business owners haven’t learned the lesson of the importance of having a disaster recovery plan. But the truth is the percentage of businesses without a disaster plan and those that feel unprepared for a cyberattack both rose from last year’s survey to this year.
That’s right – despite Superstorm Sandy and the increasing news coverage of data breaches, DDoS attacks and other network threats, fewer women business owners are prepared for the worst when it comes to their businesses.
The Travelers’ survey results came out at the same time as a BeyondTrust survey that found just how much harm employees are doing to their companies because of the data they are accessing, usually without permission. The Travelers’ survey did not ask about employees and related threats, but it would have been interesting to find out how well these women business owners are monitoring potential inside threats and if they know what their employees are doing. As my IT Business Edge colleague Kachina Shaw wrote in her blog post:
While IT, management and users are all bombarded with and distracted by daily news of new malware attacks or software vulnerabilities, the more serious threat to network security and data integrity continues quietly: insider threats. Whether the initial intent is malicious or not, once the breach occurs, even if it is accidental, the damage is done.
Why cybersecurity and disaster management are off the radar for so many small business owners is a mystery – the survey didn’t follow up with why. The bigger question is why the number of business owners who are unprepared is rising, not shrinking. Cybercriminals don’t care if the business is large or small, owned by a woman or man or an alien, as long as the company has information that can be useful. Once an attack occurs, it is really hard for a business to recover.