Should cybersecurity be a priority for small businesses and social entrepreneurs?

This is an answer to a question submitted to the "Ask me anything (AMA)" program. This AMA channel is designed to support you get clarity to business/tech questions you may have. Periodically, I select a particular response that we feel can benefit the broader community.

Short answer: YES definitely but I would like to qualify why and provide some context.

Size of cybercrime industry
Companies compromised

Using some data points, research from purplesec indicates that:

  • Cybercrime grew 600% in 2020/2021
  • 43% of cyber-attacks target small businesses, of which 70% are not equipped to deal with such attacks.
  • 48% of data security breaches are caused by acts of malicious intent. Human error or system failure account for the rest.
Key stats

Having spent 15+ years leading digital solutions used by companies to strengthen their ability to monitor manage and secure infrastructure, I may be slightly biased in this.

Highly disruptive

Security is multifaceted:

  • You want to protect from attacks that happen from the outside
  • You want to protect from bad things happening from the inside i.e. what your own people/suppliers do that can impact the integrity or your ability to function.
  • You may need to show regulatory compliance (e.g. fintech and payments space)
Multi vector

Normally people communicate with leadership using very complicated jargon that means nothing to the business eg. patch management, endpoint protection, firewall, AV, malware, phishing, risk intelligence, password management etc etc. These are pains and not seen as solutions (typically, unless they have already been bitten beforeā€¦..)

This also means that security means different things to different people.

Leadership attitudes


  • The leadership of small businesses think of security in terms of business continuity. I just want to know my data is safe (because I expect it to), and no one unauthorised is accessing it (because I expect it to) and in a way I can provide my services, and communicate with customers.
  • The leadership of medium+ businesses think in terms of disruption to productivity, and legal ramifications if they do not meet due diligence in security assets, infrastructure and customer data.

This applies to all types of digital infrastructure, whether you are running solutions in the cloud, on-premise or hybrid. It also doubly applies if you are running a digital transformation process to add value to your business assets and your customer experience:

business assets

In the end, it all comes down to the value a business reaps from the effort needed to achieve the desired level of security.

You need to establish a comprehensive framework that enables the proper management of the digital dimension of your business to:

  • Keep pace with the expanding digital footprint to do work.
  • Balance and manage the costs and risks of cyber threats to your environments and productivity.
  • Develop and maintain security policies.
  • Enable people to work from any device or location of choice securely while keeping up with modern security demands.

If you are keen to learn more on this, check out this course:

what matters in security

This post and the information presented in newsletter, events and website content are intended for informational and entertainment purposes only. The views expressed herein are of the author alone and is not a recommendation of an investment strategy or to buy or sell any security, digital asset (including cryptocurrency) in any account. The content is also not a research report and is not intended to serve as the basis for any investment decision. While certain information contained herein has been obtained from sources believed to be reliable, neither the author nor any of his employers or their affiliates have independently verified this information, and its accuracy and completeness cannot be guaranteed. The content is not legal advice. Any third-party information provided therein does not reflect the views of Accordingly, no representation or warranty, express or implied, is made as to, and no reliance should be placed on, the fairness, accuracy, timeliness or completeness of this information. The author and all employers and their affiliated persons assume no liability for this information and no obligation to update the information or analysis contained herein in the future.

Should cybersecurity be a priority for small businesses and social entrepreneurs?

Get updates straight to your inbox.

You've successfully subscribed to Andre Muscat
Great! Next, complete checkout to get full access to all premium content.
Welcome back! You've successfully signed in.
Unable to sign you in. Please try again.
Success! Your account is fully activated, you now have access to all content.
Error! Stripe checkout failed.
Success! Your billing info is updated.
Billing info update failed.