WASHINGTON The U.S. government is making it easier for small businesses to beef up defenses against cyber criminals through a free, online tool, the top U.S. communications regulator said on Monday.
The Small Biz Cyber Planner will allow business owners to create customized cybersecurity plans by answering basic questions about their company and its online presence.
"Forty percent of all targeted attacks today are directed at companies with less than 500 employees," said Cheri McGuire, vice president of global government affairs and cybersecurity policy at Symantec Corp.
The Obama administration has pushed initiatives to protect businesses and consumers from data breaches as lawmakers remain at odds over comprehensive cybersecurity legislation.
The administration's latest effort -- a collaboration of government experts and private information technology and security companies, including the Federal Communications Commission, the Department of Homeland Security the U.S. Chamber of Commerce, Symantec, Visa Inc, Automatic Data Processing Inc, Bank of America Corp and others -- will be available in November.
"Small businesses that don't take protective measures are particularly vulnerable targets for cyber criminals," FCC Chairman Julius Genachowski said.
A new survey by Symantec and the National Cyber Security Alliance released on Monday found that only 52 percent of small businesses had a basic cybersecurity strategy or plan.
The survey revealed a false sense of security among small business owners. Eighty-five percent of owners said their companies were safe from cyber threats; yet 77 percent had no formal written Internet security policy, and of those, 49 percent did not even have an informal policy.
"With larger companies increasing their protections, small businesses are now the low-hanging fruit for cyber criminals," Genachowski said.
The average annual cost of cyber attacks last year was $188,242 for small and medium-sized businesses, with down-time costing some small firms $12,500 a day.
Senate aides say it is unclear whether a comprehensive cybersecurity bill will come to a floor vote before the end of the legislative session.
The bill, being drafted by Senate Democratic leader Harry Reid's office, would require companies to notify consumers when breaches put personal data at risk, and it would authorize the Department of Homeland Security to ensure minimum standards are met in monitoring for possible attacks.
But a Republican task force in the House of Representatives said earlier this month that Congress should give companies incentives to boost cyber defenses and not rush to impose new regulations, except in sensitive sectors like nuclear power, electricity and water treatment plants.
Former Homeland Security Secretary Michael Chertoff commended the partnership between federal agencies and industry, which included his risk management and security consulting firm Chertoff Group, to more quickly bring cybersecurity tools and resources to small business.
"Not to consider cybersecurity is a little bit like leaving your money lying around on the table and thinking that that's not going to be a problem," he said.
Of particular concern for small business was the potential for theft of intellectual property, which Chertoff said is not only damaging to the business itself but to the United States' national competitiveness.
The joint Symantec-NCSA survey found that a quarter of small businesses have their own intellectual property like patents and design documents. One in five handle the intellectual property of other companies.
(Reporting by Jasmin Melvin, editing by Gerald E. McCormick)