91����

Helen Patton, a cybersecurity expert with Cisco, says cyber-attacks to small businesses are costly, but manageable

When a small business suffers a cyber-attack, the average loss is $25,000. But the range is anywhere from $826 to $653,000, according to a cyber security expert who spoke at 91���� at Mansfield in December.

Helen Patton, a strategic cybersecurity advisor at , was the third and final expert to speak during a speaker series on cybersecurity organized by 91���� Mansfield, the Richland Area Chamber & Economic Development, and ES Consulting.

She said the cost to small businesses is concerning, not only in dollars but also in the amount of time a small business is down.

Although many small businesses contribute cyber-attacks to “human error,” Patton said the real error is often not being prepared. Data shows that only 14% of small businesses have a cybersecurity plan.

“When someone tells you that an incident is being caused by human error, they’re usually being lazy,” she said. “Cyber loss is a process problem, it’s a system problem, it’s a ‘you’ve got a fragile business problem.’ It’s not a human error problem; it’s the business owner’s problem.”

The challenge for small businesses is that they’re often under resourced when it comes to cybersecurity, working with smaller budgets and smaller staff than larger companies.

Resources Available

But Patton said there are numerous public and private resources that can help safeguard small businesses. 

First, she recommends that small business owners invest in cybersecurity insurance.

There are two different kinds of cyber insurance: first-party and third-party. First-party coverage protects internal data and systems. Third-party coverage protects against liability claims from disgruntled customers, partners, suppliers, etc.

She said small business owners need both types of insurance. They also need to implement a cybersecurity plan, and test it regularly to be sure it’s doing what is intended.

Here are some public and private resources available:

Private sector resources:

• Global Cybersecurity Alliance Small Business Toolkit
  
• National Cybersecurity Society
  
• Cyber Readiness Institute
  
• Hiring an experienced managed service provider (MSP) or (managed security provider (MSSP) who is familiar with cyber-attacks and your industry

Federal Resources:

• CISA (Region 5) Small Business Guidance
  
• FCC Cybersecurity for Small Business
  
• NIST Small Business Cybersecurity Corner
        

Ohio resources:

• Ohio Secretary of State
  
• CyberOhio
  
• Ohio Cyber Range Institute
  
• Ohio Department of Homeland Security