Cybersecurity Labor Supply Impacts Small Business Needs
When cybercriminals attack, small and medium-sized businesses (SMBs) are often the victims. Since 2016, cyberattacks have risen by 20 percent, and 66 percent of SMBs have experienced an attack within the last year. According to cybersecurity company, Systemic, there is an average loss of $188,000 per attack. The damage from one attack can be devastating – if not fatal – for an organization.
The proliferation of cyberattacks has created an unprecedented demand for cybersecurity experts, also known as information security analysts. These professionals are key to mitigating attacks and creating a shield around the organization’s computing environment and infrastructure.
Small Business Cybercrime Stats
Research by phone company Verizon Wireless reported that 43 percent of all cyberattacks are aimed at small businesses, resulting in lost data, intellectual property, time, money and morale. The motivations for cybercrime range from a financial advantage (71 percent) to strategic advantage (25 percent). While the majority (69 percent) of attacks are led by criminals outside the company, about one-third are initiated by people within the organization.
While many SMBs have enacted some measure of security, 45 percent find the protection to be unhelpful in mitigating attacks. As cybercrimes become more sophisticated and advanced, SMBs must enhance their security strategies with the right personnel and technology to prevent or reduce implications of an attack. Cost is usually the biggest reason SMBs choose not to employ an IT professional, but for companies that have had one or more breaches, the cost of damages can exceed the salary.
Finding the Talent
As demand continues to rise for information security professionals, recruiting for this role can be challenging. The talent pool is deep in many areas of the country. Data from the Bureau of Labor Statistics reveals the metros with the highest number of employed information security analysts:
The areas with the highest location quotient (or the ratio of the area concentration of occupational employment to the national average concentration) for information security analysts include:
For SMBs located near an area with a high concentration of talent, recruiting professionals from nearby companies is an option. For companies located outside of these areas, or if there’s a lack of skilled talent supply, a consulting firm may be the best bet.
Preparing for a Cyber Attack
Even for businesses that employ full-time information security personnel, ongoing support is critical. Organizations like SANS Institute offer classes, training and certification programs for employees to help them learn best practices for protecting their business against cyber threats.
For SMBs, cybersecurity isn’t a cross-your-fingers-and-hope situation. It’s a how-do-we-prepare-for-an-attack reality. Cyber defense is an ongoing initiative that begins with identifying vulnerabilities — and ends with building an impenetrable defense that keeps your intellectual property and data safe and secure.