STUDY: Many Small Biz Owners Unsure of Rules Regarding Consumer Info

While more companies are providing cybersecurity awareness training for employees, fewer than 50 percent of SMBs in a recent survey have a plan for how to respond in case of a breach.

As previously reported by SocialTimes, small and medium-sized businesses don’t feel prepared when it comes to cybersecurity. One of the most concerning parts of the earlier study by IT research firm Software Advice was that many businesses had no plan in place in the event of a breach. However, new research from the same firm indicates that small businesses are getting more prepared.

Software Advice conducted an online survey of 180 owners and decision-makers at SMBs throughout the United States. All participants worked at companies that stored PII — Personally Identifiable Information — gathered from customers.

Since 2002, 47 states have enacted laws that protect consumer PII, and most of those laws require companies to inform customers that there has been a data breach. However, only 33 percent of participants were “very confident” when it came to understanding disclosure laws relating to data breaches. 19 percent were “minimally confident” and 14 percent were “not at all confident.”

PII laws can cover a wide variety of information, from emails and passwords to SSNs and biometric data. Additionally, the laws can apply to customers who live outside the company’s primary state of operation.

Despite the confusion about reporting PII data, SMBs are doing a little better when it comes to security infrastructure and planning. 74 percent of companies polled have staff trained in security, 59 percent have regular policy compliance tests, and 58 percent conduct regular vulnerability assessments.

Unfortunately, when it comes to response plans, only 49 percent of respondents had a plan in place in case of a breach. Additionally, only 29 percent have cyber insurance, and nine percent of respondents have implemented none of these measures. Thankfully, 82 percent of companies encrypt the PII data they have access to, so there is at least one line of defense for customer data.

View the full report for advice on how to secure your customers’ PII, and advice on creating a breach response plan.
