This past month, we participated in the North Shore Business Expo, an annual event put on by the North Shore Chamber of Commerce. We had a great time meeting the amazing people and local businesses that were in attendance. We were also excited to learn about how local businesses view cybersecurity.

During the event, we invited guests to take a cybersecurity survey. Here’s what we discovered:

of respondents said their business would be in serious trouble if their technology systems were down for more than 12 hours.

Only 52%
of people whose businesses capture sensitive data (SSNs, credit card info, etc.) can confirm their company has an information security plan in place.

of respondents said that if their data was exposed in a breach, they would blame the business that lost the information and not the hacker.


What does this mean?
It means we’ve got some work to do. Many businesses that capture sensitive data do not have the practices set in place to protect themselves from cyber attacks—putting their businesses, their customers, and reputations in danger.

This is especially critical for businesses in Massachusetts, which are required by law to protect the personal information in their care.


It’s time to take action.
If you don’t know how your company can protect itself from cyber threats, it’s time to do something. Reach out to schedule a meeting about what solutions your business needs to prevent these problems before they impact your business.



Showing 2 comments
  • John Kerr

    Mass Law + New Euro regs must make for some interesting opportunities across many industries and market segments.

    What is the size and scope of a typical Steel Root client and its project? Is there such a thing as ‘typical’? Local vs National vs. International?

  • rheidorn

    Hi, John.

    Thanks for your comment. It’s true that regulations like MA 201 CMR 17.00 and GDPR can be confusing for employers attempting to assess their compliance requirements. Steel Root can help. 🙂

    Our typical client is a company in New England with under 250 employees. There are some exceptions, but generally this is the kind of company where we can add most value – companies that don’t have dedicated IT or security specialists on staff, or companies looking to reduce cost by hiring a third-party instead of a full-time employee.


Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Contact Us

We'd love to hear from you. Send us an email and we'll get back to you ASAP.

Image of Europe in relation to GDPR cybersecurity lawgmail update