The U.S. Small Business Administration is working with the U.S. Department of Homeland Security and the Information Technology Coordinating Council to attract respondents to a confidential cybersecurity survey for small and mid-sized businesses.
“Cyber-attacks are a growing concern for small business owners and our economy. The SBA is encouraging entrepreneurs to participate in this survey to help identify best practices that reduce threats to small and mid-sized business’ data and information, two items central to their operations,” said SBA Regional Administrator Steve Bulger, who oversees the agency’s operations throughout New York, New Jersey, Puerto Rico and the U.S. Virgin Islands.
DHS’ Cybersecurity & Infrastructure Security Agency and the ITCC are the primary agencies coordinating this survey with assistance from the SBA and its Office of Advocacy.
In 2018, the FBI reported the cost of cybercrimes reached $2.71 billion with almost $1.3 billion occurring from business e-mail/e-mail account compromises, approximately $270 million in losses from data breaches, $362.5 million in confidence fraud and $70 million in spoofing. In fact, New York and New Jersey were among the top 10 states where the most victims of cyber-crimes live according to the report.
“Small businesses can have misconceptions about what constitutes a cybersecurity threat, and how to address it,” SBA Puerto Rico and U.S. Virgin Islands District Director Yvette T. Collazo said. “This survey can help empower our businesses with resources and knowledge to protect them from cyber threats in the future.”
The voluntary survey is open to all small businesses and will not publish confidential or identifiable information from respondents. Participation in the survey will help inform the Cybersecurity Framework being developed by the National Institute of Standards and Technology in addition to other federal agencies.
Survey results are intended to produce data about which sources small and mid-sized businesses use to reference cybersecurity best practices, the specific assets and management practices of each company, such as physical access management, as well as the benefits of, and the cost of the NIST’s framework use and implementation.
Cybersecurity awareness and current cyber risks to small businesses will also be covered.