In level of importance from 1 to 10, where does the security of your business fall?
Hi everyone, I wanted to do this survey because I'm starting a cybersecurity support system and I've been receiving different feedback from business owners about securing their business. Some don't find it's necessary and some find it very important. I wanted to ask you experts what you think. Where does security, be it cybersecurity and/or physical security, for your business fall on a 1 to 10 scale?
*1 being very important and 10 being not important at all.
Brandon: I would think the answer to your question would be determined by where the value of the "goods" associated with a business are housed. If a business has a physical location with physical goods, physical security and insurance are important. If a business is based on "information products" and those are housed locally, items like redundant backups, anti-virus/anti-malware protection, and errors and omission insurance becomes important. If the content is stored in the cloud, in addition to offline backups, anti-virus/anti-malware protection, and errors and omission insurance, CyberSecurity starts to become important. If a business is a service offering, there is probably limited interest and limited exposure. If a business is an e-commerce provider, CyberSecurity should definitely be on their radar.
That said, any business of any type, that is storing any personally identifiable information (PII) of their clients or users, including credit card info, on a device that is connected to any form of network, should be very concerned with both PCI compliance and CyberSecurity due to their liability exposure and their reputation.
Forgive me for not answering your actual question, but I just wanted to share my experience.
Before I started coaching full time I ran (and eventually sold) a Managed Services IT Firm and worked with a couple excellent security consultants.
This kind of service in the SMB market can be tough. Many small business owners say they value security (and productivity and disaster recovery) until they have to invest in it.
Larger businesses, who's decision makers may or may not be on this platform, could be your best target as they will both have a better appreciation for the risks (and benefits) and the cash flow and revenue necessary to invest in your services.
There may be a market with small, high-end shops like financial investment, professional services, or consulting firms that have valuable and proprietary data to protect.
I hope this helps. Thanks for indulging me :)
P.S. Feel free to message me directly if there's anything I can help you with.
I don't deny that the problems one can encounter with a lack of attention to security for me it would rate a 1. I think if my business were larger I might find protecting against those things more at the front of my mind. We only have a dozen or so employees and only do 2 1/2 million a year. It is something I probably should be more concerned about but if I worried about everything that could happen I would probably drive myself nuts. I do get a few calls on this topic and usually can't wait to get rid of them. I am sure lots of people worry to death about it but it is not on my radar.
The value and priority is higher if you have previously been hacked, attacked or compromised and want to safeguard against it happening again. Similar to investing in a fail safe backup strategy, it is generally not an issue for small business until it is an issue (when pain is felt). Until then it is a medium to low priority for small business and many expect each vendor they deal with to also ensure security is kept to a reasonable level.
Thank you so much everyone for your responses and insight