Skip to main content

Wondering what small and midsize businesses (SMBs) think about cybersecurity? Or maybe you work for a small or midsize business that would like to tell someone what you think. Here’s your chance. The Information Technology Sector Coordinating Council (IT SCC) and Department of Homeland Security (DHS) just released a voluntary survey about SMB cybersecurity practices – and they asked us to help get the word out.

The survey is a joint effort between industry and government to collect information about SMB cybersecurity and risk management practices. The survey asks about what sources SMBs use to learn about cybersecurity best practices; what asset and management practices SMBs have; and the cost of implementing the National Institute of Standards and Technology (NIST) Cybersecurity Framework.

What can you expect if you take the survey? The survey has two parts. Part one is for your company’s leadership and includes questions about the company’s functions and size. Part two is intended for the Chief Information Security Officer (CISO) or IT staff who can answer technical questions about your company’s IT security. The survey should take only 30 minutes.

What’s the point? Your feedback will help policy makers understand what your top cybersecurity concerns are and how cybersecurity ranks relative to other business priorities, as well as your insights and suggestions for strengthening your overall cybersecurity posture. Survey responses will be collected and anonymized. No confidential or identifiable data from SMBs will be published.

The survey is open to the entire SMB community. Small and midsize businesses are encouraged to respond to the survey in the next 30 days. So, step right up and take the survey now.


It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act authorizes this information collection for purposes of managing online comments. Comments and user names are part of the Federal Trade Commission’s (FTC) public records system, and user names also are part of the FTC’s computer user records system. We may routinely use these records as described in the FTC’s Privacy Act system notices. For more information on how the FTC handles information that we collect, please read our privacy policy.

The purpose of this blog and its comments section is to inform readers about Federal Trade Commission activity, and share information to help them avoid, report, and recover from fraud, scams, and bad business practices. Your thoughts, ideas, and concerns are welcome, and we encourage comments. But keep in mind, this is a moderated blog. We review all comments before they are posted, and we won’t post comments that don’t comply with our commenting policy. We expect commenters to treat each other and the blog writers with respect.

  • We won’t post off-topic comments, repeated identical comments, or comments that include sales pitches or promotions.
  • We won’t post comments that include vulgar messages, personal attacks by name, or offensive terms that target specific people or groups.
  • We won’t post threats, defamatory statements, or suggestions or encouragement of illegal activity.
  • We won’t post comments that include personal information, like Social Security numbers, account numbers, home addresses, and email addresses. To file a detailed report about a scam, go to

We don't edit comments to remove objectionable content, so please ensure that your comment contains none of the above. The comments posted on this blog become part of the public domain. To protect your privacy and the privacy of other people, please do not include personal information. Opinions in comments that appear in this blog belong to the individuals who expressed them. They do not belong to or represent views of the Federal Trade Commission.

Bernard Mihayo
October 09, 2019
About people and small businesses. Online fraud is a very big challenge for promoting small business. since the greatest danger lies with online hackers. it should be noted that many low-income people tend to make quick and easy money. so online hackers use it, that opportunity. to make a promise and I am setting up false plans and achieving destruction. also be aware, most instructors are educated and have a good understanding of online settings. Recently a number of websites and blogs have been launched, and they are on the air and implementing online fraud. I have many examples of such destruction. through the Internatiol pasel service (IPS). I have some false documents, that were seeking to implement Internet Damage, through me. If it gets you wrong to send pictures then I'm ready to send. to reduce online fraud.

More from the Business Blog

Get Business Blog updates