Four things I’m reading this week:
60 Percent of Small Businesses Can’t Be Wrong – Can They?
In the last four months, a new statistic has been making the rounds in DC. It has appeared in cybersecurity bills in the House and Senate and has been referenced in Congressional testimony. According to the statistic, 60 percent of small businesses that are victims of a cyber attack fail within six months.
The statistic is also without any basis and almost certainly wrong. But despite that, it’s actually not that surprising that it’s gotten so much interest, because if you don’t examine it closely, it sounds like the sort of statistic one might expect about cybersecurity. Digging into this response actually reveals quite a bit about how we think about cybersecurity.
As addressed in many public debates, cybersecurity seems like a strange, inexplicable, existential threat that routinely topples large and small organizations. This fits with terms like “cyber Pearl Harbor” and “cyber 9/11” that seem to persist no matter how many times they are debunked. This is the same perspective that underlies this new stat.
But as many people have said, this vision of the cyber threat is well wide of the mark. Rather than a rare, existential event, cyber intrusions are much more like an ongoing, low-grade threat that degrades trust in the system as a whole. The fact that we continue to focus on these mythical, massive cyber threats means that we radically underinvest in addressing the real costs that we face every day – and this is part of why our national cybersecurity investment continues to seem misaligned with the threat that most organizations face.
So this statistic isn’t just important because it’s wrong – so wrong, in fact, that if it were correct, it would probably mean that virtually every small business failure would be because of a cyber event. It’s important because it reveals how we misunderstand cyber-enabled threats, and how that misunderstanding leads to misinvestment and contributes to the challenges we face today.
I'm reading: "How a Fake Cyber Statistic Raced Through Washington."