An expert explains why spending more on cybersecurity isn't the best way to protect your business

Online sales peak during the holidays, with most transactions occurring on ‘Cyber Monday.’ (Photo: REUTERS/Noah Berger)
  • It’s crucial for companies – from small businesses to massive corporations – to protect against cyberattacks, especially as e-commerce ramps up for the holidays.
  • Consumers expect small businesses to be as secure as big companies for online shopping and will abandon retailers if they believe their information is insecure, according to a new study from the Cyber Readiness Institute.
  • But the best way to protect against cyberattacks isn’t to simply spend more money on cybersecurity, according to CRI managing director and former Obama adviser Kiersten Todt.
  • Todt spoke to Business Insider about the biggest mistakes businesses make when it comes to cybersecurity.

More than a hundred billion dollars will change hands online in the coming months as e-commerce ramps up through the holiday season. For scammers and hackers, that means there will be more opportunities than ever for cyber attacks and online fraud.

Consumers are increasingly wary of online retailers that are susceptible to cyber attacks. Three quarters of US shoppers are less likely to spend money at large and small businesses that suffer breaches, according to a new report from the Cyber Readiness Institute.

The report found that consumers expect large and small businesses to have the same level of security. That perception may be well-founded, since businesses of all sizes face similar risks regardless of their cybersecurity budgets, according to Kiersten Todt, the managing director of CRI and a former adviser to President Barack Obama.

“Doubling your security budget doesn’t double your security. It’s not a one-for-one when you look at cybersecurity investment,” Todt said. “What we focus on is investing in policies that don’t actually involve investing money.”

Todt told Business Insider about steps businesses can take to improve cybersecurity without spending more money, as well as red flags consumers should look out for when shopping online through the holidays.

The Cyber Readiness Institute study found that consumers make decisions about where to shop based on cybersecurity — 45% of respondents are less likely and 31% will never shop at a small business that was hacked and lost personal information.

Further, 55% of respondents said they stopped making an online purchase because of concerns around cybersecurity or privacy.

According to Todt, most consumers aren’t well-educated about cybersecurity and only hear about breaches that make headlines or affect themselves or a friend. Nonetheless, shoppers make decisions based on this information.

To minimise the risk of cyber attacks, businesses should treat cybersecurity as a workplace culture issue, rather than an IT issue, according to Todt.

“For a long time we saw cybersecurity residing in the IT department. In this day and age, everyone is a member of the cyber workforce,” Todt said. “As a company, every individual has an accountability and a responsibility for security.”

According to Todt, 91 per cent of all breaches at companies come from phishing, wherein hackers gain access to a system by posing as someone else and fraudulently gleaning someone’s personal information or passwords.


The best way to prevent phishing breaches, according to Todt, is to “create a culture of privacy and security at your company.”

Employers should encourage workers to change passwords regularly, avoid using USB drives that come from outside the company, and study the warning signs of phishing, according to Todt.

In addition, “‘password’ is a bit of a misnomer – what you should actually be using is a ‘pass phrase’ and make that pass phrase as long and difficult as possible,” Todt said.

Todt also suggests that shoppers be aware of phishing during the holiday season, given that “it’s very easy to track your shopping history and phishers will say, ‘Oh, we saw that you purchased this item, please click here’ … always check the email addresses that these messages are coming from.”

