Small businesses will spend an average of $500,000 to recover from a cyberattack and more than half wind up shutting down, a top U.S. Small Business Administration said Friday in Colorado Springs.
Maria Roat, chief information officer for the agency, identified viruses, malware and ransomware as the top threats small businesses face. The attacks often stem from careless internet or email habits or lack of training on how to avoid threats.
Roat was spoke to The Gazette before she gave a talk at the Pikes Peak Small Business Development Center’s Cyber Summit at the Doubletree by Hilton hotel.
“Hackers are looking for any open window or door. If they see just a crack of an opening, they will exploit it,” Roat said. “It just takes one click on a link, or opening an attachment in an email. Employees need to be trained to recognize threats and not to click on links or open emails from unfamiliar websites or senders. If they click on the wrong link or open the wrong attachment, it could install a virus, malware or ransomware on their device.”
Fifty-four percent of all cyberattacks on small businesses cause damage of more than $500,000 from reduced revenue, lost customer opportunities or out-of-pocket costs to recover from the attack, Roat said. About half of small businesses that suffer damage from a cyberattack shut down down within six months because they were unable to recover, she said.
Roat said businesses should make cybersecurity a key part of their business plan. Business leaders should know where their data is stored, discourage sharing passwords and limit websites employees can visit on work devices.
Cyber attacks are a significant threat to the nation’s economy, Roat said, because small businesses make up 97% of the nation’s businesses and employ 47% of workers. Her agency works with more than 30 million small businesses, providing federal guarantees for loans, offering loans to victims of disasters and counseling through small business development centers. The agency also helps small businesses qualify for government contracts.
Roat wants the agency to modernize its online operations to help make it easier for users to find what they need. Some of those initiatives include a single logon for all SBA services and an automated service to help match small business borrowers with lenders.
The agency wants a better picture of all of its relationships with small businesses to predict what services they will want or need. That requires SBA analyze its reams of data to find answers for small businesses.
Standardizing cybersecurity programs offered through its network of small business development centers is another SBA goal. That effort includes using programs developed by the Pikes Peak center as a template for other locations, Roat said. The local center’s program have “a lot of maturity” that can be used to “bring up the rest” of the centers across the nation, she said.