The chances of a company experiencing a data breach are high—one in four, according to the Ponemon Institute. With hundreds of thousands of new malware designs appearing every day, it’s more important than ever before for small businesses to prepare with cybersecurity. No matter your budget, the return on investment (ROI) for security software is invaluable.

What’s the cost of a security breach?

In 2019, cyberattacks cost companies $200,000 on average. But if you cannot access vital records and you’ve lost your reputation with customers because of a breach, you can quickly go out of business. If vital information is stolen, access to it may be withheld unless you pay a hacker. If sensitive records are released publicly, you’re liable for not securing your clients’ data.

A breach doesn’t just mean a hacker getting access to, say, credit card information—a hacker may seek more personal data about you and your clients as currency. Cyberattacks occur in hundreds of ways: worms, spam, scareware, spoofing, spyware, malware, ransomware—the list goes on. But behind every cyberattack, there’s a person who wants money or data or to disrupt your business. A hacker could be contracted to punch through weak security walls to gain information for their client or work independently to create programs that extort companies for money.

Recovering your reputation after a hack depends on how you handle the breach. There will be a subset of terrified customers who will not want to do business with you. But if you announce the breach, mitigate the effects and clearly articulate what you’re doing to prevent an attack from happening again, you may be able to recover your professional reputation.

Of course, a breach happening in the first place will fundamentally impact customers and some may not want to give you a second chance. Thus, calculating the ROI on cybersecurity should be weighed against the worst that could happen.

How do I make the right investment in security software?

Investing in security software is paramount. This kind of protection is as close as you—or anyone—can get to protection from invasive hacking. You’ll need to choose the investment level that works for you, but for the bare essential protections, consider the following options for reduction in risk:

• Invest in encrypted, secure cloud and software systems. Store employee data like social security numbers, addresses and banking details in an encrypted cloud or software system. Also, consider storing vital business documents like proprietary information or financials in an encrypted environment, so you can always access them, even if your business is victim to a cyberattack.
• Invest in an SSL. An SSL is a secure sockets layer. If you visit a website and see “https://” in the search bar, the “s” guarantees that the website is providing encrypted communication between the website and the browser. It’s safe to make transactions with a credit card through an SSL because that data cannot be hacked. If you do not have an SSL and make transactions with customers online, your customers’ data is vulnerable to a cyberattack.
• Consider purchasing cybersecurity insurance. Cyber liability insurance can be bought, similarly to other types of insurance, and protects a company for a breach up to a designated amount. Cyber insurance plans can protect all affected employees if any information is breached. For the general public, cyber insurance coverage is also becoming readily available in case a consumer’s information is breached.

What is the most cost-effective investment for risk reduction?

Though you don’t need to spend the money on a full-time IT administrator to install baseline cybersecurity, you’ll want to consult with an expert to help secure your vital data. There are plenty of direct-to-consumer products, some even available through your internet service provider, that feature one-on-one phone consultations with an on-staff IT professional. Many programs have introductory discounts or options, and you can buy diversified protection as you need it. Here are two well-regarded solutions to give you an idea of what’s available for your business:

• Norton Antivirus – This baseline program for small businesses covers five devices, 2GB of cloud backup and a smart firewall. Additional features include anti-spyware, -virus, -malware and -ransomware protection. The first year of service includes a discount.
• LifeLock – In collaboration with Norton, LifeLock provides cyber insurance to reimburse individuals and employees after a cyberattack. Various plans offer cyberattack protection that reimburses in rates ranging from $25,000 to $100,000 to $1,000,000.

Product features may have changed and are subject to change.