Small businesses represent half of the country’s GDP.
They represent just over 99% of all employer firms, and 64% of all net-new private sector jobs.
They handle sensitive data related to intellectual property, customer identifiable information, trade secrets, financial information, etc. (you get the idea) as much as large companies do.
And they represent over 90% of the Defense Industrial Base (supporting the US Department of Defense and ultimately our nation’s security).
Two-thirds of small businesses have suffered a cyber attack in the past twelve months.
60% of them will go out of business within six months of a serious cyber attack.
Although they represent half of the country’s GDP, they spend proportionally much less on cybersecurity (I’ve seen anywhere from one-third to one-tenth). There are lots of reasons for that, but the primary reason is that the cybersecurity industry initially focused exclusively on the large enterprise clients. SMBs, as everyone is painfully aware, were left behind.
So, we’re in a situation where a large segment of our economic machine is significantly underrepresented in the cybersecurity market. And this large segment, as I mentioned above, represents almost every employer in the country. So, who has their backs?
The unsung heroes are the MSPs that support these small and medium-sized businesses. And the smart ones are beginning to realize how important the security aspect of their service offerings is. In addition to managing desktops and routers and firewalls, they’re performing vulnerability scans and penetration tests. Sometimes they’ll add an extra “S” in their moniker (MSSP: Managed Security Service Provider).
I’ve written in the past that Cybersecurity’s evolution will lead to its inevitable institutionalization, meaning the purview of oversight (and coordination for support) will lie with already established institutional organizations like law firms, accounting companies, and insurance brokerages. I forgot to add one: MSPs.
Sera-Brynn is not an MSP, but we definitely support them. As global auditors and compliance advisors, one of the services we provide (because it’s practically a requirement for every compliance framework) is SIEM as a Service, or “continuous monitoring” depending on who you’re talking to. And just like with our partnerships with law firms, accounting companies and insurance brokerages, we support the small business community by partnering with their institutional IT partner, their managed IT service provider. After all, once we discover something is amiss (and we always discover something is amiss), who’s going to fix it? The MSP, that’s who.
As the Department of Defense starts solidifying their Cybersecurity Maturity Model Certification (CMMC) framework, and states begin legislating stricter privacy rules, and other cybersecurity regulatory requirements solidify, it’s important to keep the MSP in mind as the front-line advocate and defender for our small and medium-sized businesses. And cybersecurity companies would do well to remember that although the large enterprise clients may seem like the shiniest target, their importance to our society through economic activity and personnel opportunities pales in comparison to the other 99.6% of employers.
And you’ll reach them through their MSPs.
About the Author
Rob S. Hegedus is the co-founder and Chief Executive Officer of Sera-Brynn, a globally ranked “Top 5” Cyber Security Audit and Advisory firm headquartered in Hampton Roads, Virginia. He is a huge advocate of supporting the SMB business community through their existing MSP network of service providers.