Calibrating Secure by Design With the Risks Faced by Small Businesses

Sezaneh Seymour, Daniel Woods
Friday, February 14, 2025, 10:00 AM

Empirical evidence suggests guiding small businesses toward more secure configurations is more important than eliminating vulnerabilities. 

Published by The Lawfare Institute in Cooperation With Brookings

In this paper for Lawfare’s Security by Design Paper Series, Sezaneh Seymour and Daniel W. Woods argue that Secure by Design (SbD) policies should be calibrated to the actual risks faced by small businesses, rather than focusing primarily on software vulnerabilities. Using a dataset of over 90,000 U.S. firms, the authors find that insecure configurations are a more pressing problem than software vulnerabilities, with the latter comprising only 15% of security issues observed.

You can read the paper here or below.


Sezaneh Seymour is vice president and head of regulatory risk and policy at Coalition, a leading provider of cyber insurance and security services. She served as senior advisor for cyber and emerging technology on the National Security Council staff, and as deputy assistant U.S. trade representative at the Office of the U.S. Trade Representative in the Executive Office of the President, where she negotiated and enforced trade agreements.
Daniel Woods is a Lecturer in Cyber Security at the University of Edinburgh, and a Security Researcher at Coalition. He received his PhD titled “The Economics of Cyber Risk Transfer” in 2019 from the University of Oxford.