The security measures adopted by most large companies have caused cybercriminals to set their sites on small businesses, which are much less secured in general. A 2005 Small Business Information Security Readiness study of 1,000 small businesses revealed that while an estimated 70 percent of respondents considered information security a high priority, and over 80 percent trusted their current security measures, 56 percent had experienced at least one security breach in the past year, and many of these companies had not taken proper steps to prevent future attacks. The study also found that more than 60 percent of small businesses didn't even use the most basic encryption for their wireless networks, and 20 percent didn't use virus scanning software for email.
Former White House cybersecurity advisor Howard Schmidt said the business plan for all companies should include an Internet security plan. "When someone submits a business plan for financing to a bank or the SBA [Small Business Administration] or something, the business plan should not just be about their customer base, product ideas and marketing strategy. It's also important that they have an Internet security plan in place," he said. He also commented that every small business computer security plan should include anti-virus software, anti-spyware software, a firewall and anti-phishing programs on all computers.
Cybersecurity measures are not cheap; experts recommend spending about $200 per employee per year for adequate protection, which should include a vulnerability assessment. In response to the growing demand, many tech companies that offer security suites designed especially for small businesses have recently opened for business.