Cybersecurity Readiness For Small Business

Small businesses are increasingly vulnerable to cyberattacks, and their limited resources often leave them ill-equipped to defend against these threats. In 2021, out of 34 million cyberattack attempts, 43% targeted small businesses, resulting in significant financial losses. Virginia’s concentration of federal and defense organizations makes small businesses here a critical link in national security. To address this challenge, Old Dominion University (ODU) is embarking on a project that leverages its cybersecurity expertise and the resources of its Business Development Center (BDC) to support small businesses in tackling cybersecurity issues. This initiative falls under the Cybersecurity for Small Business Pilot Program, which provides grants for counseling and training services. We seek an award of $1,000,000 to serve approximately 400 small businesses, helping them address cyber threats and vulnerabilities.

Project Design:

Virginia has positioned itself as a leader in the cybersecurity industry, fostering an environment of innovation and public-private partnerships. It has various programs such as the Cybersecurity Business Development Program, helping companies enhance their cybersecurity capabilities, and the Cybersecurity Workforce Development Program, which builds a skilled cybersecurity workforce. To protect data and systems, Virginia’s Information Technologies Agency maintains a directorate dedicated to security. With cyberattacks on the rise, the state is actively working to secure its technology infrastructure.


ODU’s project aims to simplify NIST control guidelines, automate cybersecurity compliance, and provide cybersecurity training. Central to the project is the Cybersecurity Compliance Challenges to Small Business (C3SB) tool, offering a cost-competitive, cloud-based project management and security compliance solution. The project leverages the expertise of the Business Development Center (BDC) at ODU, which has a strong network of small business clients and offers personalized business consulting services, workshops, and support.

Performance Measures, Metrics & Outcomes:

The project’s outcomes include increased cybersecurity maturity in small businesses, leading to regional cybersecurity enhancement and economic benefits. Milestones of the project encompass preparing simplified NIST control elements, automating compliance and risk management, and cost-effective cybersecurity compliance. Performance measures include the number of small businesses reached and served, resolved cybersecurity cases, increased cybersecurity awareness, client satisfaction, cost savings, and Federal Acquisition Regulation (FAR) 52.204-21. The project also conducts training events, webinars, and workshops.

Direct Benefit to Small Business Communities and Clients:

The project directly benefits small businesses by simplifying cybersecurity training and awareness process. Small businesses will fortify their businesses with cybersecurity shield, enabling them to focus on growth and innovation while securely adopting new technologies. This initiative promotes regional economic growth by strengthening small businesses’ cybersecurity posture.


The project collaborates with ODU’s Cybersecurity Department, BDC, and partner organizations. The collaborative approach combines cybersecurity expertise, training content development and delivery, and small business outreach and support, making the project more effective and affordable for small businesses.

Data Collection & Measurement of Outcomes:

Key data collection elements and metrics include:

  • The number of small businesses reached.
  • The number of small business clients served.
  • The number of resolved cybersecurity cases.
  • Small Business Training Satisfaction.
  • Potential cost savings.
  • Employee satisfaction.

These metrics provide a comprehensive view of the project’s impact and its success in achieving cybersecurity goals for small businesses.

Small Business Cybersecurity Readiness Survey

The small business that participated in the survey include but were not limit to Retail, Healthcare, Finance, Manufacturing, Technology, Consulting, Engineering, Government services, Defense Contractor, Heavy Marine Construction, Construction, Education, Transportation, Public Affairs, Media Relations, Consulting, Communication, and others. The percentage of businesses that submitted their responses were; 70% from the businesses with up to 10 employees, 12% from small businesses with 11-50 employees, 15% from businesses with 51-250 employees, and rest of the responses were from the business with less than 450 employees. The main cybersecurity issues raised by the participants are as follows:


Training Programs  

After analyzing survey responses and engaging in roundtable discussions with small businesses, we formulated a training plan. The prioritized topics for our training program, based on the responses, include:

  1. Phishing, Smishing, and Vishing
  2. Data breaches or storage reconnaissance.
  3. Business email compromise.
  4. Malware infections.
  5. Third-party/vendor cybersecurity risks.
  6. Ransomware attacks.
  7. Identity theft.

View Detailed Training Program

Project Team

PI: Prof. Sachin Shetty

email: sshetty[at]


Co-PI: Dr. Safdar H. Bouk

email: sbouk[at]



Monique Mcwhite | mmcwhite[at]

Mary Fish  |  mary[at]



COVA CCI is supported by the Commonwealth Cyber Initiative and funded through the Commonwealth of Virginia.