Wednesday, May 27th, 2020

Small Businesses need practical tools to increase their cyber resilience

Small business entrepreneurs and the self-employed make up the backbone of the global economy as a crucial source of employment, innovation, and social integration.

Despite their crucial role, they represent one of the most vulnerable communities in terms of resilience against cyber threats. 58% of cybercrime targets small businesses, and, according to the FBI’s Internet Crime Report, the cost of cybercrimes reached $2.7 billion in the United States in 2018 alone.

A survey conducted in December 2019 revealed that most small businesses (64%) said they were planning to allocate more resources to cybersecurity in 2020 [1]. However, the current global pandemic poses a different sort of existential threat. Currently, small businesses account for a disproportionate share of the vulnerable jobs. Before COVID-19, they provided nearly half of all US private-sector jobs, yet they account for 54 percent (30 million) of the jobs most vulnerable during COVID-19 [2].

Thus, small businesses currently face the existential challenge with an uncertain future as economies slowly reopen and will be likely seriously resource constrained for the foreseeable future, with no-to-limited resources for cybersecurity. Yet, even during the pandemic, opportunistic malicious actors continue to target these businesses for ransomware [2].

Those businesses that will be able to recover from the crisis should be supported in the area of cybersecurity resilience to mitigate the threat of continuous bleeding of resources which will be injected into the sector.

There is an important gap in cybersecurity posture of small businesses inasmuch the available high level guidance to small businesses describes mitigation of cyber risks while not providing the resources to mitigate these risks at scale.



Global Cyber Alliance (GCA), a global not-for-profit dedicated to providing free solutions to mitigate cyber risk at scale, conceptualized and implemented one of possible measures to increase the resilience of small businesses through its Cybersecurity Toolkit for Small Business (“small business toolkit”) and its work-from-home campaign.

The reason why GCA started to work on toolkits is that in the market today there are two main sets of resources for small businesses:

Tools that are too complicated for small business owners to implement;

High level guidance that describes mitigation of cyber risks while not providing the resources to mitigate these risks.

GCA has bridged this gap by creating the small business toolkit that combines easy-to-follow guidance with effective and free cybersecurity solutions. We see the toolkit as an important way to protect the economy and individual organizations’ supply chain, given the importance of small businesses in the supply chain globally.

The small business toolkit operationalizes basic cyber hygiene guidance by providing, free and curated tools that help, for example, to conduct inventories of devices and applications to ensure small business owners are aware of devices needing protection, ensure that security settings of devices are automatically updated; ensure that accounts are protected by strong passwords and two-factor authentication; protect company brand and ensure emails and websites are not being used fraudulently or for malicious purposes; and implement policies and recommendations for training employees to understand how to identify and avoid phishing emails.

GCA is looking forward to supporting the small business sector to support their efforts to increase their cyber resilience and implement basic cyber hygiene measures.

Klara Jordan, is the Executive Director, EU and Africa, at the Global Cyber Alliance. You can follow her on Twitter at @JordanKlara or connect with her on LinkedIn.


  1. 67% of Small Businesses Aim to Increase Cybersecurity in 2020: Report, CISOMAG, 24th of April 2020,

  2. Small Business Is Big Target for Ransomware, DarkReading, 16th of April 2020