Washington, DC
January 30, 2023

Women-Owned Small Businesses Particularly Vulnerable to Cybercrime – by Jithmi Wickramatillake

Small businesses—in particular women-owned small businesses—need to up their game to protect themselves and their network of customers, clients, and suppliers.

Cybercrime has been rising at an alarming speed over the past few years with experts estimating that cybercrime will cost the world economy $10.5 trillion USD by 2025.

And while the lion’s share of media coverage goes to the big attacks on high-profile large companies, the fact of the matter is that most data breaches affect small-to-medium-sized businesses with the majority of those affecting small businesses. According to a recent global Verizon data breach report, 43% of all cyberattacks target small businesses.

Some of the most common ploys are phishing scams, server attacks, password vulnerability, infected flash drives, and even social engineering attacks where human interaction acquires sensitive information in person. Whatever their nature, malicious actors can steal valuable data including customer information, internal emails, employee data, intellectual property, and financial details. The average loss per attack is $188,000 USD with 60% of small businesses folding within six months of the attack.

Yet despite the rising danger and the demonstrable costs of a successful attack, most small-to medium-businesses aren’t doing nearly enough to protect themselves. Just by implementing cybersecurity measures to combat threats against their networked systems and applications—whether they come from inside or outside of the organization—would be a good first step.

This lack of preparedness is confirmed by a recent survey of 600 U.S. businesses with revenue between $1 million and $40 million conducted by Provident Bank. The bank found that 50% of responding companies felt they were fully prepared for an attack, however, 57% faced at least one digital attack in the past 12 months, and 27% reported more than three incidents. As a result of those breaches, 42% faced increased IT costs, 35% saw a decrease in productivity, and, adding insult to injury, 26% reported being fined consequently.

The numbers are similar for women-owned small businesses. A membership survey conducted by the National Association of Women Business Owners (NAWBO) revealed that 50% of U.S. women business owners said they had made no preparations to prevent a cybersecurity incursion.

The situation is even worse for women-owned small businesses outside the US. According to a recent survey we conducted with our network of women-owned businesses, 84% said they need more tools and training to improve their business’s cybersecurity, and 31% do not feel prepared to ward off a cyberattack. Another 19.8% reported already having been negatively impacted by a cyberattack.

According to MAS Global Consulting, cybersecurity is a fast-moving sector with both hackers and security vendors trying to outdo one another. The sheer volume of cybersecurity threats is impossible for humans to handle alone and, as a result, organizations are increasingly turning to AI and machine learning to improve their security infrastructure. Companies that suffered a data breach but fully deployed AI technology saved an average of $3.58 million in 2020.

So why are so few global women business owners prepared? Many believe they are too small to be targeted. Others say it is cost prohibitive. A third reason is the lack of time as they juggle busy professional and personal lives.

Cybersecurity, however, does not have to be expensive, time-consuming, or gender specific. It can be as simple as assessing risks and vulnerabilities, putting a plan in place for all devices, training all employees, following best practices for passwords, and using two-factor authentication to log into systems, updating systems and software regularly, and backing up data. Here are some simple, cost-effect, and essential actions to immediately improve cybersecurity:

  • Strong passwords: create required, strong password and multi-factor authentication standards for your organization.
  • Control access to data and systems: be intentional in how your organization gives individuals access to data. Data access should be necessary for the individual’s work, limited, and authorized, always.
  • Firewalls: add firewalls to be gatekeepers between computers and the internet.
  • Implement security software: standard anti-virus, anti-malware, and anti-spyware should be employed on all organizational devices.
  • Training: regular cybersecurity training for employees should be facilitated to ensure that they are stewards of security. WEConnect International has begun offering cybersecurity training to its members in some parts of the world at no cost.
  • Auditing: Regular audits should be performed to ensure that standards and procedures retain current best practices, are being adhered to, and that data access is reflective of the changing roles and responsibilities of employees.

Cybersecurity is crucial to the sustainability of your organization and the safety of your constituency. Committing to small changes to improve an organization’s cybersecurity can result in a big impact, so join me in taking the necessary steps to protect yourself and others today.

Through the U.S Department of State SCA-funded project, WEConnect International has designed and delivered 6 cohorts of Cyber Security training to 143 Women-Owned Businesses (WOBs) across South Asia. The objective of the workshop was to equip the WOBs with the necessary knowledge and skills to protect themselves against cybersecurity threats and social engineering fraud.

The participants were trained to understand the basics of cyber security, recognize key cyber threats such as phishing, social engineering & ransomware, and be able to develop and implement security controls for their businesses.

To measure the impact of the training, WEConnect International conducted a business application survey 3 months after the training. The survey results showed that 82% of the participants have taken steps to reduce cyber threats and 75% have created and implemented a technology action plan.

In the business impact survey conducted 6-8 months after the training, 70% of the participants reported having implemented security controls, with website security (24%), security systems (21%), password protection (18%), awareness and training of their teams (15%), and email phishing schemes (15%) as the most applied strategies.

The participants have reported positive feedback on the training, citing the knowledge they have gained and the inspiring conversations they had with the other learners.


“The training significantly expanded my knowledge about the cyber-security world. Right from learning how to identify threats, prevent attacks, the methods hackers use, consequences of a cyber-attack, it was all so informative. And the kind of participants I met there was inspiring.”

  • Arpita Santosh, ThinkWright Learning Services, India


“This training taught me what it meant to be in a safe environment. The importance of keeping data secure, the various kinds of threats, and you also meet other learners and join in with active discussions. The training experts were also deeply knowledgeable.”

  • Kurshida Jahan, Lavish Designs, Bangladesh