Cybersecurity for small businesses is big news, hacks are no longer something only read or heard about as happening to large organisations or governments. In December, a UK cybersecurity breach caused mass disruption in the lives of many ordinary people when 300 branches of a national chain of small supermarkets and convenience stores had to close after its IT and card payments system provider was hacked. Many other branches were restricted to serving only cash-paying customers only. So much for the advantages of a “cashless society.”
This follows other headline-making cybersecurity breaches that have previously closed down medical operations in UK hospitals and disclosed confidential patient records, and compromised account details of European credit card holders and telco customers. In Baltimore USA, a 2019 hack that shut down most of the city’s servers and some government applications cost the city authorities an estimated $18m in direct costs and subsequent revenue shortfalls.
Cybersecurity protection providers have mainly focused on the largest organisations. They were perceived as the ones most at risk, and also able to meet the cost. It’s not cheap: the average wage of a cybersecurity engineer in London, UK, is roughly £50,000. This does not help the provision of affordable cybersecurity for small businesses.
Heightened cybersecurity risk
Pandemic lockdowns and the mass switch for many office workers to cloud-based working from home escalated the issue. There is more traffic to target and residential internet connections are more vulnerable, giving hackers an easier entry point to disrupt organisations and people’s lives. As a result, smaller businesses and other organisations are now more likely to be targeted.
In the face of the growing risks, many small and medium size enterprises have tried to work out for themselves how to protect their systems at affordable costs. However, research among hundreds of small business owners released in March 2020 by the U.S. Cyber Readiness Institute showed only 40% had implemented a remote work policy focused on cybersecurity as a result of coronavirus.
Further research which surveyed small businesses in both the U.K. and the U.S. found that nearly 43% of small business owners were not at all prepared for a potential cyberattack or breach, leaving their most sensitive financial, customer, and business data at risk.
Cybersecurity-as-a-service (CSaaS)
The startup Cyvatar has developed an innovative cybersecurity-as-a-service (CSaaS) model. It combines human talent, proven processes, and best-in-class technology. It was launched in October 2020 by co-founders Craig Goodwin who is UK-based, Corey White who is in California, and Maria Velasquez. They had raised $3 million by the end of the year, and in June 2021 raised a further $9 million in Series A financing to help scale and service its fast growing customer base. It has introduced and delivers smart cybersecurity solutions for small businesses, helping them achieve compliance with operating standards and effective security levels faster and more efficiently in the face of the exponential growth in cybercrime.
Its subscription model is disrupting what is an estimated $218 billion industry in 2021, and is expected to grow to a forecast $345bn in 2026. What makes the model different is that a company’s monthly fee is fixed in advance, based on the range of services it requires and its employee headcount.
Size of the cybersecurity market worldwide from 2021 to 2026
(in billion U.S. dollars)
What’s making the difference at Cyvatar?
As the industry’s first subscription-based, cybersecurity-as-a-service (CSaaS) company, Cyvatar’s mission is to transform the way the security industry builds, sells, and supports cyber solutions. They establish a strategic process roadmap to guarantee results that reflect their subscribers’ business drivers. Then they provide the tools and technology, and access to expert advisors who can empower them to handle it themselves. In-house employees are thus continually improving their own cybersecurity skills.
Cyvatar is a global organisation, with its main offices in the U.K. and U.S., and operations around the world providing cybersecurity for small businesses. Their approach is rooted in proprietary ICARM (installation, configuration, assessment, remediation, maintenance) methodology that delivers smarter, measurable security solutions for superior compliance and cyber-attack protection faster and more efficiently.
It is all provided at fixed monthly subscription prices. Prices range from a Freemium service up to $60 per month per employee. Its startup and small to medium size business clients (up to 250 employees) can cancel at any time. So far, however, it looks like nobody’s leaving as cybersecurity for small businesses becomes more important.
Crowdsourcing can side-step a labour shortage
At the other end of the cybersecurity market, including protection for government departments and global corporations, the shortage of cybersecurity engineers also has an impact. Even the most expert specialists need to devote time to training to handle sector technology and risk analysis developments, over and above the critical executional work they handle. It seems many employers underestimate this requirement, compounding what cybersecurity engineers already believe to be inadequate pay for the risks they keep at bay. Nobody can measure the cost of failure until it happens, and in the meantime many of them feel under-valued by company senior management.
Crowdsourced cybersecurity platforms such as Synack provide opportunities to earn additional income. They post work assignments for their vetted crowds of “ethical hackers” to try to infiltrate client sites and apps, looking for bugs and weaknesses. Payment is usually on a piece-work basis, and calculated on the number and seriousness of items found and verified. The white hat hackers don’t want to miss the easiest finds, and respond quickly to new work opportunities. Clients thus have access to an on-demand service, paying by results rather than for employees’ time. They will also find out fast if they have to offer higher incentives.
Synack protects leading global banks, federal agencies, DoD classified assets and more than $6 trillion in Fortune 500 and Global 2000 revenue. “We’re facing a global cybersecurity crisis,“ said CEO Jay Kaplan, adding that there’s not enough talent to go around. The new CMO Claire Trimble will be looking for more cybersecurity professionals to add to their network, as well as present a case to organisations that seek protection.
BOLD Awards III
“Boldest Cybersecurity” is one of 20 categories in the BOLD Awards 2022, the third year of this annual award scheme for digital industries. They source and recognize top companies, projects and individuals powering breakthroughs around the world. They are a joint venture between Crowdsourcing Week and H-FARM, one of Europe’s leading innovation hubs.
After a round of public voting in January 2022, an international judging panel will review a shortlist of entries. The winners will be announced at a gala dinner ceremony hosted by H-FARM at their campus in Venice, Italy on Friday April 22nd, 2022.