A woman in a back office of a clothing store sits at a desk, using a laptop. The woman has a concentrated look on her face as she types; she wears a light pink long-sleeved blouse and a yellow-and-white patterned headband. Directly behind her are freestanding metal shelves filled with boxes and a rack filled with hanging clothes.
Although many people know that cybersecurity is important, they aren't necessarily knowledgeable about the risks and consequences of cyberthreats. — Getty Images/Bevan Goldswain

With the world more connected than ever, cybersecurity should be a top priority among organizations. However, many small and medium-sized businesses (SMBs) are ill-equipped for today’s cyber risks. Data from Cyber Readiness Institute (CRI) shows that fewer than 20% of respondents consider SMBs’ cybersecurity capabilities to be “effective” or “somewhat effective.”

CRI’s 2024 State of Cyber Readiness Among Small and Medium-Sized Businesses report highlights a three-pronged approach of awareness, implementation, and incentives as the best way to ensure greater cybersecurity for SMBs, which make up the vast majority of businesses in the United States.

[Read more: Risk Detection: How to Protect Your Business from Security Vulnerabilities]

3 steps to improving SMB cybersecurity

According to Karen S. Evans, Managing Director of CRI, the organization and its group of cybersecurity advisors and experts believe that better SMB cybersecurity starts with three primary areas:

  • Awareness: Raising SMBs’ awareness and understanding of cyberthreats and best practices to protect their businesses.
  • Implementation: Helping SMBs implement cybersecurity policies focused on human behavior to create cultures of cyber readiness.
  • Incentives: Rewarding SMBs for good cyber hygiene by advocating with insurers, global supply chain operators, and regulators.

Here’s why these three areas are so crucial for improving cybersecurity preparedness among SMBs.


While many recognize cybersecurity's general importance, there’s a significant gap in public awareness of its actual cost. Increasing awareness of the risks associated with inadequate cybersecurity practices is crucial to successfully encouraging SMBs to adopt stronger practices.

Offering educational programs to businesses and employees can build awareness about the dangers of poor cybersecurity and the benefits of practical measures. This knowledge can be shared among industries and networks using real-world stories to inspire change and encourage better cyber readiness.


Understanding cybersecurity doesn’t help much if you don’t put that knowledge into practice. That’s where a cyber leader or coach comes in.

Evans advised designating a dedicated cyber leader to help drive your cybersecurity efforts. It doesn’t necessarily have to be the business owner, she said, but it should be someone who is well-respected and can positively influence employee behavior. This person can focus on implementing cyber-ready strategies, educating employees on preventative measures, and ensuring their efforts yield results.

Cyber leaders should “periodically [remind] their colleagues of just how important good cyber hygiene is to the continuing success of any business,” Evans told CO—.

The report also calls upon service and technology vendors to develop user-friendly cybersecurity tools that make it easier for businesses to take action with minimal technical expertise. Additionally, it suggests a greater need for multi-factor authentication policies, which can help prevent 99% of cyber intrusions.

Understanding cybersecurity doesn’t help much if you don’t put that knowledge into practice.


Many SMBs need incentives to allocate resources toward cybersecurity due to its assumed costs and the extensive efforts required for implementation. Without an external push, such as regulatory standards that enforce data protection, these efforts often fall by the wayside. However, this can ultimately lead to vulnerabilities for everyone involved, from the organization’s employees to the supply chain to its customers.

CRI’s report highlights the need for more government tax breaks, subsidies, and accessible regional programs focused on cybersecurity to drive the adoption of these measures. Mandating these programs could lead to a better understanding of positive cybersecurity practices by giving SMBs the necessary tools and financial incentives.

[Read more: Cybersecurity Monitoring and Alerting: How To Know if You're at Risk]

Why cybersecurity should be a priority for every SMB

The best way to protect your business from cyber risks is to take preventative measures now, before it's too late.

“My strongest piece of advice to SMBs is do not wait,” Evans said. “We learn daily of new attacks on businesses of all sizes, which can be crippling operationally, financially, and reputationally.”

Instead, Evans suggests integrating cyber-secure practices into your operations and business culture. She equates cybersecurity to personal health habits like brushing your teeth, exercising, and eating healthy foods — you want it to be so ingrained in your business that prevention just becomes part of your daily workflows.

“We’ve made these things part of the routine of our daily lives because we understand the benefits and the consequences of not doing so,” Evans said. “Cyber readiness is no different.”

CO— aims to bring you inspiration from leading respected experts. However, before making any business decision, you should consult a professional who can advise you based on your individual situation.

Applications are open for the CO—100! Now is your chance to join an exclusive group of outstanding small businesses. Share your story with us — apply today.

CO—is committed to helping you start, run and grow your small business. Learn more about the benefits of small business membership in the U.S. Chamber of Commerce, here.

Brought to you by
Let's Make Tea Breaks Happen! Apply for a Pure Leaf Tea Break Grant
The Pure Leaf Tea Break Grants Program for small businesses and 501(c)(3) nonprofits is now open! Apply for a chance to fund ideas that foster healthier workplace culture and norms! Ideas can be new or already underway, can come from HR, C-level, or the frontline- as long as they improve employee well-being through culture change. Learn more about the Contest, including how to enter at the link below.
Learn More

Get recognized. Get rewarded. Get $25K.

Is your small business one of the best in America? Apply for our premier awards program for small businesses, the CO—100, today to get recognized and rewarded. One hundred businesses will be honored and one business will be awarded $25,000.