
Calibrating Secure by Design with the Risks Faced by Small Businesses

Sezaneh Seymour, Daniel Woods
Friday, February 14, 2025, 10:00 AM

Empirical evidence suggests guiding small businesses toward more secure configurations is more important than eliminating vulnerabilities. 

Cybersecurity lock (https://stockcake.com/i/cybersecurity-digital-lock_1062621_932766, Public Domain)

Published by The Lawfare Institute in Cooperation With Brookings

In this paper for Lawfare’s Security by Design Paper Series, Sezaneh Seymour and Daniel W. Woods argue that Secure by Design (SbD) policies should be calibrated to the actual risks faced by small businesses, rather than focusing primarily on software vulnerabilities. Using a dataset of over 90,000 U.S. firms, the authors find that insecure configurations are a more pressing problem than software vulnerabilities, with the latter comprising only 15% of security issues observed.

You can read the paper here or below.


Sezaneh Seymour is the head of regulatory risk and policy at Coalition, a cyber insurance and security services start-up. She is also affiliated faculty at Virginia Tech.
Daniel Woods is a Lecturer in Cyber Security at the University of Edinburgh. His academic position is jointly appointed by the British University in Dubai, where he periodically teaches and supervises students. He received his PhD titled “The Economics of Cyber Risk Transfer” in 2019 from the University of Oxford. Daniel is also a Security Researcher at Coalition, a cyber insurance and security services start-up.
