According to a new Gartner report covered in Forbes recently, the cybersecurity market will top $124B in 2019. That represents about a 10% increase over the expected final total for cyber spending this year.

What are the key factors affecting this growth? Things like the pervasive fear of cybercrime impacts and costs, data privacy concerns (and the litigation that comes with it!), cyber threat detection, and incident response.

If you ask anyone from a Fortune 500 company, this info not only wouldn’t be surprising, it would be expected. Maybe even seen as a little low as far as annual increase percentage goes. As cyber threats (and their penalties) increase across the board, those companies most well-equipped to deal with it are always looking for new solutions and more coverages to close holes in their defenses.

But what about everyone else?

In the U.S. alone, there are about 30 million small businesses. In fact, 99% of the companies in America have less than 5,000 employees, thus making them “small” organizations. Yet these smaller companies – the ones least able, outfitted and prepared to defend themselves – represent the majority of the cybercrime attack surface.

What’s more, quite often it’s these smaller companies that are themselves, once hit, a vector for critical cyber threats to the larger firms upstream in supply chains. No large business exists without dozens or even hundreds or thousands of smaller businesses supporting them.

Yet each year, as cybersecurity expenditures rise, it’s always just that top one percent of firms that consume all the products, solutions, and services. More importantly – and quite possibly most worrisome – they’re also pretty much the only customers the cyber market’s ecosystem of vendors build all those nifty things for.

Water, Water Everywhere and Not a Drop to Drink

When we say the words “small business,” almost everyone thinks of a “mom and pop” shop. The majority of small businesses, in fact, are not tiny. They’re less than 5,000 employees, but more than a hundred. Many of them earn considerable revenues in the millions or tens of millions per year, especially in the financial services, real estate, and investing sectors.

Despite their fortunes and numbers, these companies that comprise “center mass” of the cybercrime bullseye have some serious and fundamental security issues:

  • Most small companies (rightly) worry more about profit, loss, customer loyalty and sales than cyber badness they barely understand
  • Few small companies prioritize cybercrime as a major risk to their operations
  • Most small companies do not budget for cybersecurity at all or carve out small space in overall IT budgets
  • Few small companies have any dedicated, highly-skilled cybersecurity staff
  • Small companies who do any cyberdefense at all usually engage in limited small-scale efforts aimed at only one or two problems
  • Most small companies do not keep their IT environments, security tools, and solutions in lock-step with evolving cyber threats
  • Almost all small companies rely on their technology tools, providers, and vendors to be secure and thus keep them safe

As a result, cybersecurity vendors, themselves trying to be successful businesses, create, market, equip, and price cybersecurity solutions for only those businesses whose management prioritizes cyber defense and who can afford to buy and implement often pricey, complex, and sophisticated products.

And that leaves the bulk of the business world adrift in a sea of cyber threats and the solutions needed to counter them that they can’t afford, don’t know how to use and don’t have the people to implement anyway.

The end result?

Cybercriminals indulge every day like kids in so many candy stores where the owners are always away. Plus, even the one percenters, although better equipped to deal with cyber threats, are always a little less safe due to the shaky foundations below them.

Teaching Men (and Women) to Fish for Low-Hanging (and Low-Cost) Fruit

A college English professor of mine told me once that mixing metaphors is a sign of low intelligence. I’m not sure if that’s correct or not, but it sure is fun – and, in this case, it makes a good point about small businesses (and large ones too!) and cybersecurity.

The biggest obstacles to making small business more secure are that they don’t understand the threats in general (and what they can do) and they don’t have the money or the know-how to buy and use the tools they need to get safer. But until the cybersecurity marketplace sees enough of an actual market to build and deliver products these companies can afford and actually use, the majority of our businesses will stay (un)safely in the cybercrime cross-hairs.

Here at Musubu, we believe that even a tiny bit of education and taking even a very small step or two can go a long way to making us all safer.

If You Only Do One Thing…

A big, majority portion of all cybercrime makes its way into businesses via their websites and open network assets (such as APIs, cloud filesystems, and the like). If you are a business owner (or manager) and not a regular reader of the report, we highly recommend you take a look at the annual Verizon DBIR or “Data Breach Investigations Report.”

Just a quick look (even if you’re non-technical) and you’ll see that things like the below are the top threats to your business bottom lines:

  • Ransomware – Bad guys coming from sinister servers and IP addresses can lock up your data, your desktops, sensitive customer info, and more all by gaining access to your sites and networks.
  • Crime/Malware – Cybercriminals launch things like “watering hole” attacks from servers designed to infect your employees when they click to them.
  • Phishing – Email is the preferred method of delivery for infecting companies with malware and launching watering hole attacks.
  • Website Attacks – The bad guys have an internet-full of business websites that let them do things like steal credentials, set up phishing sites, and steal valuable customer information inside your website databases.

These threats are pervasive and can be very impactful. The good news, though, is that a big chunk of these threats can be weeded out day-in and day-out with very simple, but robust approaches.

For starters, by knowing what the threat levels and reputations are of each and every server that accesses your websites, networks, or apps, it’s very easy to keep them from getting in behind your company’s walls in the first place. Business owners and managers can use a service like Musubu APIs to have their IT support implement super-simple, dynamic firewalls that add any “bad actor” connections from servers with a high risk of things like ransomware, phishing, spam, and TOR to blocklists in their firewalls.

small business cybersecurity

Conventional wisdom always says it’s better to “nip it in the bud” with any potential risk. So too it is with cyber threats. If all small businesses adopted just this one simple approach, we’d all be much, much safer for it.

More Resources for You

Learn How Your Own IP Addresses Are Threats –

6 Basics to Know About IP Addresses –

The Complete 2019 Cyber Security Guide for Beginners –


Small Investment, Huge ROI

Want to make your company significantly safer for just $29/month? Get our Musubu API for small business. Quickly identify any and all servers connecting into – or out of – your networks, apps, and websites. Block the bad ones, keep cybercriminals outside your walls.

Contact us now and we’ll help you set it all up!


About the Author

Jason Polancich

Jason Polancich is app designer and digital marketing lead for Polancich is a linguist, software engineer, data scientist, intelligence analyst, and real estate broker and investor with his wife and business partner Rebekah. He's also the founder and lead architect of VandalsSmile, a data-driven, small business marketing and lead generation network making big data work practically and usefully for owners. Polancich also originally created HackSurfer/SurfWatch Labs (Pre-VC), a cyber analytics firm founded in 2013 that provided highly accurate, timely and actionable information to businesses regarding the cybercrime threats they face. Polancich is a serial entrepreneur focused on solving complex internet commerce, data analysis, and cyber-defense problems. Novii Design, a company he co-founded in 2005 with Rebekah Lewis-Polancich, was based on his contributions to cloud architectures, distributed computing, data analysis and systems integration. The company assisted the U.S. Intelligence Community and Department of Defense in building some of the largest data warehouse and analysis systems ever put into operation within the government and defense contracting sectors. Novii Design was sold to Six3/CACI in 2010. Polancich is also a service-disabled veteran of the U.S. Army. Amazon Author Profile.

Contact Me