Through examining what is considered best practices and “reasonable cybersecurity”, this article explores how cybersecurity practices differ among small businesses and large organizations. The ambiguous nature and expansive landscape of current cyber regulations and practices sometimes overwhelmed smaller organizations. Furthermore, a current lack of organizational liability fails to promote better intra-organizational policy and sense of responsibility. Consequently, smaller organizations focus on business development over cybersecurity development rather than integrating the two. The article suggests that cyber insurance, provides an incentive to adopt better cybersecurity practices, its high cost, limitations, and the current lack of liability laws have resulted in its “slow” adoption. Overall, this article focuses on the cybersecurity disparities between small, medium, and large organizations. The article concludes that small and medium-sized organizations are under resourced and face large barriers to improving their cybersecurity protocols. Further emphasis is spent on increased liability on companies who store, collect, or utilize data, as it creates a greater incentive for companies and organizations to invest in their cybersecurity teams, protocols, and educational training.
Author:
Christos Makridis, Anne Boustead, Scott Shackelford
