Vistage Research Center

Get actionable, data-driven insights and expert perspectives from our global community of CEOs and thought leaders. Led by Joe Galvin, Chief Research Officer

Debunked: 4 dangerous myths about cyberattacks

When cyberattacks make the headlines, it is usually the big, far-reaching kind that affect FedEx, Boeing, Target and their customers. These are the kinds of companies that make headlines: multinational companies with billion-dollar revenues and thousands of employees. The problem is that this news coverage makes small and midsize businesses think they’re safe from cyberattacks, when the opposite is true.

Vistage recently teamed up with Cisco and the National Center for the Middle Market to determine whether small and midsize companies are prepared for a cyberattack. What our analysis uncovered wasn’t reassuring: The majority (62 percent) of small and midsize businesses don’t have a sufficient cybersecurity plan, and a quarter (24 percent) have experienced a cybersecurity attack in the last 12 months. On average, each cyberattack costs a small business $188,242, according to Symantec.

If you’re the CEO of a small or midsize business, here are four myths about cyberattacks you should be aware of, and actions you should take to protect your company from the hackers circling it.

1. Small businesses don’t offer anything of value to hackers.

Fact: Small businesses have credit card numbers, protected health information, employee data, personally identifiable information and other data that hackers can use to take out loans, steal identities, make wire transfers and complete other scams.

Take action: Perform a self-assessment (such as the NIST Cybersecurity Framework) and identify the critical assets in your company. This will help you figure out where to prioritize your areas of defense.

2. Hackers only go after large companies.

Fact: The majority of cyberattacks happen to small and midsize companies. They’re attractive to hackers because they hold valuable data and can be leveraged to break into larger companies. In 2013, hackers were able to breach Target via one of the partners in their supply chain.

Take action: Educate yourself about the threats that your business is at risk for. Small and midsize businesses are particularly vulnerable to malware attacks, ransomware, business email compromises, supply chain hacking, remote access trojans, drive-by downloads, spyware infections and security breaches via IoT.

3. Most hackers aren’t dangerous; they’re just teenagers.

Fact: Hackers are sophisticated computer criminals who are constantly refining and adapting their tactics. They are organized and ruthless.

Take action: Because cyber threats are always evolving, you should review your cybersecurity plan on a regular basis — ideally every six months — to make sure it’s robust enough and up-to-date. It’s best to engage a cybersecurity expert in this process.

4. Law enforcement will protect me from a cyberattack.

Fact: Law enforcement doesn’t have the time, resources or staff to protect most companies from cyberattacks.

Take action: Internal IT resources are not the equivalent of a cyber specialist. Hire a cybersecurity professional who has certifications such as Certified IS Security Specialist (CISSP), Certified IS Auditor (CISA) and Certified Ethical Hacker (CEH). In addition, make sure your company is fully compliant with cybersecurity regulations, such as NIST, PCI, SOX and HIPAA.


This article originally appeared in Inc. Magazine.
