Resisting change is normal. We wouldn't be human if we didn't have an emotional, almost visceral reaction to major departures in the way things are done. You wouldn't be the successful business owner that you are if you jumped on every new product or service every time a sales person got you on the phone or showed up at your office. In fact, you'd be bankrupt and there would be no business left to run.
In the world of change, there is temporary and there is permanent. Successful businesses are able to identify the difference between "trends" and "fundamental shifts". They resist the flash in the pan trends, but when they see a fundamental shift, they not only embrace it, they lead the way.
Where does cybersecuirty fit into this spectrum of change? Some will tell you that it’s an unprecedented technology upheaval that will completely revolutionize international law, domestic policy, the economy, terrorism and war. Others will tell you that it’s just the latest “new thing” and that society and technology will incrementally adjust and that in a few years we’ll be talking about something else. I land somewhere in between: it's new(ish), it's scary, it's here to stay, but like anything new, lawmakers, our government, and business owners will figure it out.
Put another way, cybersecurity is the cost of doing business in the 21st century.
I get it. As a business owner, you have 100 hours worth of to dos in a 16-hour work day. However, burying your head in the sand and waiting for this to pass is not just ignorant, it's negligent; as is “trusting” that your IT person has it handled without asking any questions or really knowing what’s going on. Cybersecurity is likely new to your IT contractor or service provider as well, and they are no more an expert than you.
So, what should you, a responsible business owner, being doing?
Educate yourself. If you aren't educating yourself on cybersecurity in order to form your own opinion, you're likely to be left behind, regardless of whether it’s a trend or fundamental shift.
Finally, get an assessment for your business. Understand where you may be vulnerable, where it actually matters for your business, and what you can do about it. Maybe your IT person is great, maybe you suspect they aren't doing what they tell you they are doing; either way, it’s prudent to inspect what you expect.
Tackle these challenges and you may wake up feeling even more scared. You may come to the conclusion, as I did, that cybersecurity isn't going away and it is simply the cost of doing business in the 21st century. But at least you'll know, and that’s better than finding all of this out during your data breach, and potentially going out of business in the process.