the cyber security spotlight is shining on supply chains because, as the old saying goes, you’re only as strong as your weakest link. Criminals see small business increasingly as the weak link because larger businesses are dedicating more resources to and becoming more savvy about cyber security.
A clear indication that cyber criminals are turning to smaller businesses as a result of big business’ increased cyber security awareness and capabilities is that 43% of cyber attacks target small businesses up from 18% just a few years ago. 
The rate at which cyber attacks against small businesses grew last year is a staggering 424%. 
The costs of a cyber attack are significant and it is likely that many small businesses will not survive an attack. On average small/mid-sized businesses spent $955,429 USD to remediate after an attack in addition to the average $879,582 stolen from the businesses.  The US National Cyber Security Alliance states that 60% of small businesses that suffer a cyber attack go out of business within half a year.  The first step in responding is figuring out how the attack happened. Unfortunately, this alone will require help that could cost as much as $15,000 USD.  Interestingly enough, the cost of getting back to business as usual far out measures the actual amount of money taken in a cyber attack.
The good news is that once a small business has a clear picture of the strengths and weaknesses of their information security applications, systems and networks the cost of remediating any weaknesses is far less costly than it is for larger organizations. It is, however, difficult to find affordable services required to provide them with the clear picture of their current situation and the actions required to remediate any weaknesses. Whilst larger organisations have their own information security resources to undertake the work, small businesses need to outsource.
The cost of the assessment and reporting services however, are often prohibitive, whereas ironically the fixes required are not necessarily so. InfoSecAssure is an affordable and easy to use tool that assesses, provide remediations and produces assurance reports for both clients and regulatory assessments. Businesses can perform a quick 25 question Health Check or can assess against specific regulations. For many small businesses a Health Check is likely all that is required. ISA will provide remediation actions for any weaknesses and once the remediation actions are taken a small business can redo the assessment and provide its customers with a professional report assuring clients that their intellectual property, customer credit or debit card information, financial information, employee records and business correspondence are secure.
It is not all doom and gloom though as this presents both opportunities and challenges for small businesses. We have described the challenges however there is a real **opportunity** to obtain new customers where their previous suppliers were not able to prove their cyber security/resilience. InfoSecAssure is ready to help you do just that.