Small Businesses Say Government Should Mandate NIST Cybersecurity Framework

Silver Spring, MD – December 2, 2015 – e-Management releases the results of the company’s second annual Cybersecurity Readiness Survey. Respondents of the sample survey of more than 50 companies include attendees of the CyberMaryland Conference 2015, which was held October 28-29 at the Baltimore Convention Center.

Findings show approximately three out of every five (59%) respondents from organizations with 2,500 or fewer employees say the federal government should mandate small businesses to adopt the voluntary Framework for Improving Critical Infrastructure Cybersecurity, released last year by National Institute of Standards and Technology (NIST)—an agency within the U.S. Department of Commerce. That’s up 14% from last year’s figure of 45% of those surveyed. For this survey, e-Management defines small businesses as organizations with 2,500 or fewer employees.

“What these results says to me is that many small businesses are not yet ready to make the investments in cybersecurity unless they have to,” says e-Management Founder & CEO Ola Sage. “It comes down to economics for many small business owners who may delay decisions to invest in cybersecurity until they are required to.”

The survey also reveals an increase in the small business community’s general awareness of the Cybersecurity Framework, which provides a framework for all types and sizes for organizations to “identify, protect, detect, respond, and recover from cybersecurity events” according to NIST. The Cybersecurity Readiness surveys show only 15% of small businesses—organizations with 2,500 or fewer employees—say they are not familiar with the NIST Framework. That figure is down from last year’s figure of 28% of small business respondents.

The survey also confirms small organizations still have areas where they may need to beef up their cyber readiness. For example, last year roughly 23% of small organization respondents said they never provided cybersecurity awareness training. That figure increases this year to 25% of respondents.

e-Management is an award-winning cybersecurity and IT services firm named as the 2015 IT Company of the Year for Montgomery County, Maryland. A CMMI® Maturity Level 3 rated company, e-Management’s software innovations include CyberRx for cybersecurity readiness and eGov Risk Portfolio Manager for enterprise risk management. For more information about e-Management, visit