Business Blog
SMB Cybersecurity Survey: It’s yours for the taking
Wondering what small and midsize businesses (SMBs) think about cybersecurity? Or maybe you work for a small or midsize business that would like to tell someone what you think. Here’s your chance. The Information Technology Sector Coordinating Council (IT SCC) and Department of Homeland Security (DHS) just released a voluntary survey about SMB cybersecurity practices – and they asked us to help get the word out.
The survey is a joint effort between industry and government to collect information about SMB cybersecurity and risk management practices. The survey asks about what sources SMBs use to learn about cybersecurity best practices; what asset and management practices SMBs have; and the cost of implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
What can you expect if you take the survey? The survey has two parts. Part one is for your company’s leadership and includes questions about the company’s functions and size. Part two is intended for the Chief Information Security Officer (CISO) or IT staff who can answer technical questions about your company’s IT security. The survey should take only 30 minutes.
What’s the point? Your feedback will help policy makers understand what your top cybersecurity concerns are and how cybersecurity ranks relative to other business priorities, as well as your insights and suggestions for strengthening your overall cybersecurity posture. Survey responses will be collected and anonymized. No confidential or identifiable data from SMBs will be published.
The survey is open to the entire SMB community. Small and midsize businesses are encouraged to respond to the survey in the next 30 days. So, step right up and take the survey now.
It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.
The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.
We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.