Abstract

While larger companies have resources to address cyber security issues, small companies often do not. Usually, a business owner or his immediate family members handle many different roles within the small business. Because of a lack of information technology knowledge and resources to hire that knowledge, many small businesses are at a great risk of having their systems compromised. The purpose of this paper is to report the findings of a field study that included over 370 interviews with small business owners about their approach to risk management, including those related to cyber security threats. Results indicate that small business owners are often likely to have the basic tools related to technology risk management in place, but lack the policies, procedures and training to secure their information resources. Additionally, responses indicated a majority of respondents do not use strong passwords to protect their information assets.