That's a very interesting question, because we have to first understand what type of data is generated by these businesses.
Let's look at a business as a whole. Most of us might think of social media or we might think of online sales, but it's a lot more than that. You have employee records, you have information relating to your intellectual property, you have documents and you have finance-related information. If you're in the health care sector, you have health-related information. All of that information has to be stored somewhere, and the big issue, especially when it comes to small businesses, is whether they have adequate protections in place or whether they are aware of adequate protections to ensure that customer, employee and financial data are being protected and secured.
The best way to think about this is that it's not just a check box exercise, and this is what adds to the layers of complexity. I like to use this example. All of us have smart phones and we go into the app store, whether it's the Google Play store or the App Store on the iPhone, and you get the updates for all of these apps. You think to yourself, are these new features? No, nine times out of 10, they're security updates.
It goes to show that it's such a dynamic situation, and if you don't stay up to date, you're vulnerable. Security, cybersecurity in particular, cannot be a check box exercise. It must be continual and, in order for it to be continual, it requires investment.