Skip to main content

Your Board and risk management

For small business owners, it may seem your daily energy is caught up with just keeping the doors open and revenuescoming in. However, unless you were very fortunate when you started up, you have a board of directors; most likelyinitial investors whose focus is on the long term success of the company and on strategies for future growth. Part oftheir concern will be threats and risks to the present business. A particular concern may be the risks to the businessin the case of a cyber attack. Small businesses are just as vulnerable to cyber attacks as large companies. However,they are far less likely to have the resources to recover.

In our next few blogs, we are going to look at what ways a small firm may be vulnerable to a cyber attack. Inparticular, we discuss the major areas of vulnerability your business faces.Specific topics include customer and companydata loss, legal implications, fines and regulatory penalties, brand damage, downtime and revenue loss, and supply chainvulnerabilities.

Obviously, your shareholders want to understand how you plan to defend against and respond to cyberthreats, but that’s atopic for another e-guide. Today, we will talk about educating your board about one area that you are at risk for when acyber attack occurs.


This is the most obvious and immediate consequence of a cyber attack. Your business becomes partially or fully shutdown.Given our reliance on technology, almost every aspect of a business, even a small service business is, in some way,reliant on technology. For example, a medical office can’t function if its reservation system is attacked. Staff maylose the basic ability to know which patients are scheduled for the day. A smaller retailer can’t ring sales if the POSgoes down. If your website is attacked and compromised, that’s akin to shutting down the doors of a brick and mortaroperation.

Why is this a shareholder topic? Downtime places the entire organization at risk of failure. Small businesses are muchless likely to recover than are large businesses. Your Board will want to be informed about how you propose to keep theorganization safe.