In 1973, a book by British economist E.F. Schumaker took the world by storm, challenging conventional western economic theory, and championing the notion that appropriate scale was critical to long term sustainability. The book, “Small Is Beautiful: A Study of Economics as If People Mattered,” was hugely influential, as it mixed philosophy with economics to paint the picture of a far better world where small size could be embraced as a virtue. His message could be summed up in the phrase, “production by the masses, rather than mass production.” It remains the case today that small can be beautiful, but recent guidance from the U.S.  House of Representatives Small Business Committee reminds us that in the cyber world, small also can be quite perilous.

The congressional committee posted advice on how small businesses should prepare for cyber breaches and protect data. What was particularly notable was this chilling reminder, “nearly 60 percent of small companies go out of business following a hack and 71 percent of all cyber assaults occur at businesses with under 100 workers.”

The committee’s finding are consistent with information available from the National Cyber Security Alliance, as reported by David Wither of Tech.Co: “In another cyber security survey of 1,000 small business owners, 85 percent admitted that they believed large enterprises were more targeted than they were. This finding explains why small enterprises continue to pay little attention to Cyber Security. In reality, however, cyber criminals do not discriminate and have no priority targets. They attack any weak security system, whether it is a small business or a large one.”

The Small Business Committee’s advice for small businesses can be found here. For additional information, see these U.S. Small Business Administration’s tips.

To Mr. Schumaker’s estimable phrase, “Small Is Beautiful,” we add the caveat that from a cyber criminal’s perspective, beauty is in the eye of the beholder. One does not wish to be too beautiful a target.

By Tom Davis, SDI Cyber Risk Practice

March 14, 2017