CRI man sitting at computer in office

The New Realities of a Remote Workforce Increase Cybersecurity Concerns for Half of All Small Business Owners, But Policies, Training Still Lag, Cyber Readiness Institute Survey Finds

Washington DC, April 9, 2020 – Stay-at-home orders for more than 40 states have forced millions of businesses to establish remote workforces that rely solely on Internet-enabled applications and products to conduct business. The overnight move to a “virtual workplace” has increased cybersecurity concerns for small business owners, but many still have not implemented remote working policies to address cybersecurity threats, according to a new survey commissioned by the Cyber Readiness Institute (CRI).

Conducted from March 25-27, the survey* of 412 small business owners found that half of all business owners are concerned that remote working will lead to more cyberattacks. Yet, nearly 40% feel that economic uncertainty will prevent them from making necessary cybersecurity investments.

This is particularly concerning for companies with fewer than 20 employees as the survey showed they were distinctly unprepared for remote working. Only 22% provided additional cybersecurity training prior to enabling remote working and just 33% provided “any cybersecurity training.”

“Now, more than ever cybersecurity affects the ‘business’ of nearly every company, not just in the U.S. but internationally,” said Kiersten Todt, managing director of CRI. “These are extremely challenging times for companies, especially small businesses, as revenue and resources are as unpredictable as they have ever been. However, cybersecurity investments aren’t always tied to dollars and cents. Several free tools, that focus on human behavior, offer important guidance on helping small businesses become more cyber ready. The best way to prevent the spread of COVID-19 is by doing the basics like washing your hands. Similarly, the cyber hygiene basics will go a long way in keeping small businesses resilient in this time of increased threats.”

Social distancing and quarantine orders have altered how business owners manage employees and interact with customers. It has made the reliance on secure communications and operations more important than ever. Yet, only 46% of business owners provide any training to help workers be cyber secure when working from home. The numbers dwindled down to 33% when looking at companies with fewer than 20 employees.

The Cyber Readiness Institute has outlined basic steps that are free and every organization can take to secure their remote workforce. Good cyber hygiene practices that focus on using secure passwords, ensuring that all operating systems are up to date, understanding tricks used by bad actors, and prohibiting the use of USB memory sticks can go a long way in preventing cyberattacks.

Additional findings from the survey include:

  • Only 40% of small businesses have implemented a remote work policy focused on cybersecurity as a result of coronavirus (only 25% of those with less than 20 employees)
  • 59% of small business owners said that some employees would be using personal devices when working from home.
  • 55% believe that federal and state governments should provide products and funding for cybersecurity
  • 51% said they provided their employees with technologies to improve cybersecurity for remote workers (only 34% for companies under 20 employees)

*Survey Monkey survey of 412 small business owners has a margin of error of +/- 6%.

About The Cyber Readiness Institute

The Cyber Readiness Institute (CRI) is a non-profit initiative that convenes business leaders from across sectors and geographic regions to share resources and knowledge that inform the development of free cybersecurity tools for small and medium-sized enterprises (SMEs). The Institute seeks to advance the cyber readiness of SMEs to improve the security of global value chains. Our free self-guided, online Cyber Readiness Program is available in Chinese, English, French, Spanish, Portuguese, Arabic, and Japanese. To find additional free cybersecurity resources, visit