Content area
Full Text
Small businesses are easy victims of cyberattacks due to their limited resources and insufficient training. Furthermore, many small business owners ' attitudes diminish their need for safeguards because they think that they are not likely to be attacked. Yet, small businesses experience Denial of Service (DoS) attacks, Distributed Denial of Service (DDos) attacks, phishing, vishing, and tail gating as well as theft of confidential information and hardware. Consequently, numerous small businesses close or experience detrimental results - loss of consumer trust, lawsuits, credit monitoring fees, tarnished reputations, and lost operational costs. Since past research demonstrated that training positively impacts self-efficacy, this paper explores the effects of cybersecurity training on participants ' self-efficacy towards small business cybersecurity practices. Survey participants were face-to-face and virtual attendees at a public university 's Cybersecurity for Small Businesses Conference. To evaluate the attendees' perceived self- efficacy, a pre- and post-survey included cybersecurity questions with demographic questions. The results show a significant difference in scores for overall cybersecurity self-efficacy before and after such training.
Keywords: self-efficacy, cybersecurity training, entrepreneurs, entrepreneurship, small business
INTRODUCTION
Cyberattackers are aware of the unpreparedness of small business to have proper security measures in place, and the consequences are high. Based upon analysis of data collection from multiple sources, Verizon reported that 43% of small businesses are victims of cyberattacks (2019). Within 6 months of such attacks, approximately 60% of these small businesses close their businesses ("Arch Angel," 2015).
Furthermore, surviving businesses from cyberattacks often experience negative outcomes from the attacks that can include lost customers, high fees to diagnose/remedy the attack, legal fees, credit monitoring fees, fines, lost business operational time, and damaged reputation (Black, 2013; Paoli, Visschers, & Verstraete, 2018; Paulsen, 2016; Sangani & Vijayakumar, 2012). To illustrate some of the aforementioned consequences, KPMG (2015) conducted a survey of 1,000 businesses and 1,000 consumers and found that 21% of those victims' businesses needed to take their website offline, 32% paid for assistance to remedy the attack, and 20% paid for legal assistance. Recovery costs are significant to small business owners being reported as an average of $20,000 per incident, as well as a high of $38,000 - $44,000 in direct costs such as Legal IT, PR fees) and $8,000 indirect costs such as preventative...