Advice to SMB CEOs from a former CIO

The acronym CIO is sometimes understood to stand for “Career Is Over,” and here’s why: Business leaders in charge of information technology are not only tasked with driving automation, productivity, business intelligence, digitization, and cloud platforms, but often also with cybersecurity.  

The scope of the last item consists mostly of protecting their business from online threats like ransomware attacks, phishing campaigns, or computer viruses. The reason this part of the Chief Information Officer role can be a career-breaker is self-evident: You only need to fail once at protecting your business, and the consequences can be disastrous — think brand and reputation damage, fines for exposing private information, and even bankruptcy.  

Having been a CIO at global companies for over a decade, I can attest to the pressure that the job of protecting your business from online threats exerts on you as well as the close calls that my teams experienced over time. 

While I had the “luxury” of having state-of-the-art enterprise-grade security tools at my disposal, as well as the support of a stellar team of cybersecurity experts, small and medium businesses (SMBs) are often less fortunate. With 90% of SMBs globally consisting of fewer than 20 employees, these businesses are unlikely to have cybersecurity experts on their payroll, and with limited revenue they can’t afford enterprise-grade technology solutions to protect their business.  

On the other hand, a cyberattack has the ability to sink a small business: According to UK data, for example, the average turnover of a small business with 10 or more employees was 2.8 million GBP in 2022, but the average global cost of a data breach in the same year was 3.93 million GBP.   

So, when you are a small business CEO and juggling the role of Chief Commercial Officer, Chief Marketing Officer, and Chief Information Officer, how do you ensure that you not only avoid a sudden end to your career, but also not witness the demise of the company that you’ve built? Below are a few of my core pieces of advice for SMB leaders.

Protecting your business is everyone’s business

Don’t assume that since you are a small business, you aren’t at risk from cyber threats. With 66% of SMBs having experienced a cyberattack in the past 12 months, you are more likely to be a target than not. You don’t need a CIO to make cybersecurity a priority; simply include it in your business plan and company guidelines: Just like you may ask your staff to wear a helmet when visiting a construction site or a face mask when examining patients, make sure your sales team connects through a VPN when accessing your customer data from a public Wi-Fi network.

Cybersecurity technology doesn’t have to be complex, obscure, or expensive

Small business solutions can be robust and provide the right level of protection for your stage of growth, digital maturity and industry, without requiring multi-million-dollar budgets. And expertise can be accessed from service providers who can take the burden off SMB leaders’ hands of responding to threats or keeping protective measures up to date.

Make nimbleness and agility your super-power against cyber threats

Small businesses can be quick, agile, and take advantage of a lack of bureaucracy to plan ahead before a cybersecurity crisis occurs. SMBs need to utilize these strengths to get prepared and to get a plan in place, which at the bare minimum should include implementing online and offline backups, installing an antivirus, setting up network monitoring, and ensuring an automated patching regime is established.

At Avast, we want SMBs to have confidence in operating online safely. With this in mind, we can redefine the CIO acronym to stand for “Confidence In Online”, enabling businesses to remain viable and thrive in today’s digital landscape. Find out more about our solutions for SMBs by signing up for our free trial.