Small businesses, and the government, should make cybersecurity a priority.
While Fortune 1000s dominate many interactions in our daily lives, small businesses remain the bedrock of the U.S. economy. According to the Small Business Administration, the 30 million small businesses operating in the United States employ nearly half of the total workforce.
Unfortunately, these same small businesses have begun to fall victim to cyberattacks at an alarming rate, and whether you know it or not, this reality is putting the entire economy at risk. As large companies spend endless amounts of time and money to fortify their digital assets, cybercriminals, hackers and fraudsters have turned their attention to those that cannot afford such lofty and impenetrable defenses: small and mid-sized businesses.
A recent Ponemon study found that nearly 70% of all small businesses experienced a cyberattack in 2017, while half admitted to having no understanding of how to protect their company against an attack. And that's a big problem when considering the average recovery costs of a data breach for a small company can top $149,000. Most worrisome, however, is that 60% of all small companies that succumb to a cyberattack go out of business within six months, according to a report by the U.S. National Cyber Security Alliance.
The possibility of a trickle-up recession is real.
The risk to individual small businesses is undoubtedly a big concern to small business stakeholders, but perhaps the bigger issue at present is the risk now posed to the national economy as a whole.
To date, there has been little to correlate small business cyberattacks to any indicators of recession.
While there is vast and differing discussion on when and what will truly facilitate the next downturn, most, if not all economists, have failed to identify SMB cybercrime as a factor. That's likely because recessions are typically driven by events that trickle down throughout society, such as rising interest rates, credit crunches, international conflict or high oil prices, among other geopolitical activities.
While those contributing factors remain, unquestioned recession drivers, it is entirely plausible that the next recession is driven from the bottom up and not the top down. As the aggregate of attacks on small businesses continues to cause disruption to business continuity, significant revenue losses, employee layoffs and permanent closures, the net negatives could realistically bubble up into the mainstream. This trickle up the depressive state would almost certainly hamper consumer confidence, slow GDP, halt risk-taking and decimate job growth so much so that the next great recession is born.
Harvard Business Review suggests that a cyberattack could cause the next financial crisis if it were to cause disruption to financial services capabilities, especially payment systems. While a crisis like this could start from the top, it could also start from the bottom. If thousands of small and mid-sized businesses were forced to shut their doors from cyberattacks, it could lead to a decline in deposits that significantly hurts a bank's ability to lend, among other consequences.
In addition, as noted in Inc., which tracks small business openings and growth in its Entrepreneur Index, when small businesses close or fail to thrive, they drag down job numbers and job growth with it. When that happens, both consumers and small businesses spend less, which trickles up the line to larger businesses and the whole economy.
Improved small business cybersecurity could protect the economy from recession.
According to an article in Nextgov, "the U.S. economy loses between $57 billion and $109 billion per year to malicious cyber activity." Such numbers are poised to worsen as the economy begins to factor in all of the small business losses from cybercrime.
As economists point to the inevitability of recession, it's essential that all of society help small businesses from emerging as a contributing factor. Here are three things that we can, and must, do right away:
- Government-backed tax incentives – As much as the government already strives to secure our borders, air travel and financial system, it must also now help secure the digital environments of those that cannot afford to do so on their own. A good starting point would be tax incentives to spur innovation and help businesses acquire cybersecurity. Incentives are a proven way to produce results without implementing regulations and the stigma of forcing companies to act. In many cases, the federal government has used tax rebates and deductions to encourage behavior that may have not occurred otherwise, such as with solar power and electric vehicles.
- Reduce cyber insurance premiums – Cyber insurance could benefit small businesses in the event of an attack as damages from cyberattacks are typically excluded in general liability policies. And without coverage, small businesses are left entirely on the hook for data loss, ransoms, damages and any other liabilities. However, many small businesses are currently priced out of the cyber insurance market, and policies often do not cover the primary attack vector, email phishing. Making cyber insurance truly available to the masses will likely require assistance via grants or tax deductions from the state and federal government, a small price to pay when considering the alternatives.
- Enhance organizational awareness – Small businesses must also take it upon themselves to raise awareness in their organizations and to increase their defenses as best as they can. A study by Hiscox found that less than 20% of small business said they were confident in their cybersecurity readiness, and barely half had a clearly defined cybersecurity strategy at all. One important and affordable action is to conduct a third-party security assessment that identifies vulnerabilities. Once all digital weaknesses are identified, company leadership should create an incident response plan to mitigate losses in the event of an attack. While such activities aren't always without cost, they can be affordable and may prove to save your business in the long run.
Enabling cybercrime to flourish and fester among small businesses pushes our country's risk of recession up to the ladder and unnecessarily drains billions from the global economy. While economists will continue to pontificate about the state of the economy and what's likely to drive the next recession, they must not forget the present-day fragility of the small business community and how unprepared it is to defend against the plethora of cyberattacks. For this very reason, it is entirely possible that the damages from small business cybercrime facilitate or play a major role in leading to the next great recession.