Cyberattacks have increased by 400% since before the COVID-19 pandemic. As cyberattacks become more prevalent, it’s especially important that small businesses protect themselves, since they face a high risk of bankruptcy following a cyberattack.
Small- to medium-sized businesses (SMBs) typically don’t prioritize cybersecurity as much as large companies, which makes them prime targets for malware, phishing, viruses, and other cybersecurity threats. According to the 2021 Data Breach Investigations Report, an estimated 86% of cybersecurity breaches will have a financial impact that could range from just a few hundred dollars up to hundreds of thousands. This unexpected cost could be too much for many SMBs to survive.
As internet experts, we take cybersecurity seriously, which is why we evaluated which states’ businesses fare best after cyberattacks. To determine the odds of a business recovering from a cyberattack in any given state, we analyzed a host of factors, including internet privacy laws and the number of cyberattacks businesses within each state suffer each year.
Here’s what we found.
The Top 5: State-by-State Breakdown
South Dakota, which has cleverly dubbed itself the “Silicon Prairie,” has the highest number of small businesses per capita: 4,725 small businesses per 10,000 residents.
The state also recently signed into law a data privacy bill that requires companies and residents to report data breaches that affect more than 250 residents to the state’s Attorney General and consumer reporting agencies within sixty days of discovery.
Louisiana requires that businesses report a data breach to consumers within sixty days. It also requires that businesses notify the government of the breach, regardless of how many individuals were affected.
In addition, Louisiana SMB Development recently launched a no-cost cybersecurity initiative that offers various training programs to help businesses in Louisiana fortify themselves against cyberattacks.
Alabama requires that businesses report a data breach within forty-five days. Plus, Alabama is vigilant when it comes to cybersecurity research. Seven federal agencies within the state are involved in cybersecurity research, fifteen colleges in Alabama offer IT courses that cover cybersecurity, and the state is home to ten cybersecurity startups.
Businesses in Vermont must notify consumers and the government as soon as the breach occurs, without reasonable delay and no later than forty-five days from occurrence—fifteen days sooner than South Dakota and Louisiana.
As in Vermont, businesses in South Carolina are required to notify consumers of a breach as soon as it occurs. Thanks to the South Carolina Insurance Data Security Act, South Carolina was the first state in the country to pass legislation that protects SMBs from cybersecurity threats.
To analyze the states least likely to see businesses declare bankruptcy following a cyberattack, we included the following in our analysis:
- Number of small businesses per state in 2019
- Percent of all business bankruptcies in the past year from the US Courts (this does not include small businesses that declared bankruptcy due to the COVID-19 pandemic)
- Number of data breaches per state and number of records lost/stolen in data breaches per state for the past two years (using data from Privacy Rights)
- Number of victim losses affected by corporate, malware, and/or phishing scams that are reported to the Federal Bureau of Investigation (FBI)
From there, we standardized each category by giving each state a weighted score. The higher the score, the less likely small businesses in each state will go bankrupt after a cybersecurity attack.
Here’s the breakdown of how we calculated the weighted score:
- Small businesses per population: 20%
- Percent of all business bankruptcies state level: 25%
- Total number of data breaches per 10,000 businesses: 15%
- Total number of records lost or stolen per 10k businesses: 15%
- Corporate loss per 10,000 businesses: 5%
- Malware loss per 10,000 businesses: 5%
- Phishing scams per 10,000 businesses: 15%
Once each state received a weighted score, we curved each score to determine each states’ overall score in the form of a cybersecurity letter grade:
- A = 78–100 points
- B = 75–77 points
- C = 71–74 points
- D = 56–70 points
- F = 0–55 points
|State||Score||Grade||Number of small businesses per 10k people||Percent of total business bankruptcies|
|District of Columbia||67.78||D||1,078||7.46%|
About Go.Verizon.com: Go.Verizon.com is an authorized premium partner of Verizon.
Reporters may send questions to firstname.lastname@example.org.