The Upcoming Cybersecurity Skill Shortfall In Small and Medium Businesses

Author: Terry Michael

Most Small and Medium Businesses (SMB) have a medium horizon plan covering company areas such as revenue sales targets, and vendor cost out-goings to manage and balance company cashflow, with few fortunate to have a Business Plan that goes beyond 12 months for these 2 key business areas.

However the cost of cybersecurity or information security risk management of meeting many various federal legal, statutory or commercial agreement requirements is increasing and for many small and medium businesses could result in a financial crisis requiring new loans and or overdrafts to be extended to address the many new and revised cyber and information legal statutory requirements and commercial binding trading agreements which all have heavy fines and penalties.

Rarely have small or medium businesses accounted for failing to meet these requirements if notified by Banks, Card Payment Brands such as VISA or MasterCard or the many Federal Government agencies involved in enforcing customer or consumer Privacy and Information Security, including Law Enforcement Offices dealing with financial crimes. The remedies are usually very expensive by engaging specific cyber or information solution agencies and always fall on the company to rectify, as ignorance of the law or specific commercial requirements is not a reason why legal, statutory or commercial requirements could not be met.

However, all small medium businesses can have an active plan to deal with the increasing risk of cybersecurity and information, which covers company Cloud data storage and Website financial transactions, and also data/information security, in which legally there is a strong statutory requirement to keep customer, consumer and personal data safe and secure, enforced through heavy penalties and fines.

The key to successfully deal with cybersecurity and information security risk and issues within small to medium businesses which tend to fester and spread into other parts of the business is to have :

• A structured and maintained cyber and information security training program to upskill key employees within the company,
• also demand cybersecurity and information security compliance and certifications from company Vendors and Suppliers that handle, process or store the company financial transactions, customer information or personal data, and
• then finally supplement specific skill shortfalls with cyber or information security resource providers with certifications of meeting various legal, statutory and commercial compliance standards.
• Finally, and most importantly, small and medium businesses need to perform annual or preferably bi-annual independent compliance and cyber security audits. This identifies company blind spots to allow active business owner management and mitigation before a company financial crisis occurs.

The cyber and information security skills shortage will continue to grow over coming decades it has been reported by many key papers, and small and medium business will suffer as many highly skilled professionals seek higher corporate salaries.

The only way to evade being caught between cyber skill shortages and increasing cyber privacy security laws is to plan to manage the 3 areas outlined above and ask for help from specialist companies like TLM-Cyberstrategy.