Three-Quarters of U.S. Consumers Less Likely to Shop at Small Businesses That Suffer Cyber Attacks

Three-Quarters of U.S. Consumers are Less Likely to Make Online Purchases from Small Businesses That Suffer Cyber Attacks, New Cyber Readiness Institute Survey Finds

Non-Profit Initiative Reports Online Shoppers Believe Large Retailers are More Likely to Protect Their Security and Privacy, But Believe Small Retailers Should Offer Same Protections

NEW YORK, Nov. 5, 2019 – As Americans get set to embark on the annual online holiday shopping season, cybersecurity is top of mind and consumers believe that they should have the same protections, whether they are shopping with a large retailer or a mom-and-pop small business, according to a new national survey conducted by the Cyber Readiness Institute (CRI).

CRI, which provides free, easy to use tools and policies to reduce the risk of the most common cyber vulnerabilities, found that nearly two-thirds of 528 U.S. consumers surveyed expect small businesses to offer the same protections as large retailers. However, few think that the reality matches their expectations as just 33% believe that small businesses are likely to protect their security and privacy at least as well as large retailers.

CRI used Survey Monkey to conduct the online survey from Oct. 5-7. The survey has a margin of error of +/- 4%.

“When it comes to cybersecurity, consumers appear more comfortable with large retailers. It doesn’t have to be this way. Bigger doesn’t have to be better,” said Kiersten Todt, managing director of CRI. “A small business doesn’t have to mean less security. The foundation of a cyber secure organization must be grounded in employee education and a culture that fully embraces the importance of cybersecurity to customers and the bottom line. These goals can be achieved with limited resources – and the primary requirement is commitment.”

Indeed, CRI research found that 45% of consumers surveyed are less likely and 31% will never shop at a small business that was hacked and lost personal information.

As brick and mortar sales continue to stagnate, online markets provide fertile ground for small businesses. Online shoppers spent $122 billion online during the 2018 holiday shopping season, growing by more than 17% year-over-year, according to Internet Retailer.

The CRI survey found that the upward trajectory should continue in 2019. More than 87% said that they planned on making an online purchase this holiday season with 35% planning to make an online purchase with a small business over the next two months.

Other key findings included:

  • Only 50% know how to determine if an online shopping site is protecting their security and privacy.
  • 55% stopped making an online purchase because of cybersecurity or privacy concerns.
  • 19% are more likely to make an online purchase with a small business.
  • Only 33% researched a vendor’s cybersecurity or privacy protections prior to making a purchase.
  • 98% of consumers had purchased a product online and more than 91% had made a purchase using their mobile phone.

Free Small Business Cyber Resources

CRI offers a free Cyber Readiness Starter Kit for small businesses. The Starter Kit includes employee education programs about using secure passwords, updating software with the latest patches and managing the use of USB memory sticks. In addition, CRI provides a simple guide to help managers start the conversation with team members about cyber risks, protections and good practices; a quiz that office members can use to see how well they understand their security situation; and posters that can be used in offices to remind team members of critical lessons learned to help secure their digital possessions.

For organizations that need a more robust approach, CRI also offers the Cyber Readiness Program to provide greater cyber protections. The Cyber Readiness Program was developed with input from leading security experts at global companies, subject matter experts, and feedback from a pilot program of small businesses. The free, self-guided online program provides resources and tools—including policies, posters, and workforce education materials —that align with each step of the Program’s five-stage process. The Cyber Readiness Program is available in English, Spanish and Portuguese. The Program will be translated into Chinese, Arabic, Japanese and French soon.

About the Cyber Readiness Institute

The Cyber Readiness Institute is a non-profit initiative that convenes senior business leaders from across sectors and geographic regions to share resources and knowledge that inform the development of free cybersecurity tools for small and medium-sized enterprises. The Institute seeks to advance the cyber readiness of small and medium-sized enterprises to improve the security of global value chains. The free, self-guided Cyber Readiness Program for small and medium-sized enterprises was launched in December 2018 and is available in English, Spanish and Portuguese. Additional translations will soon be available in Chinese, Arabic, Japanese and French.