Regulatory Compliance Burden on Small Business Cybersecurity: Costs, Challenges, and Simplification Strategies
APA Citation
Shaw, E. & Rajan, P. (2024). Regulatory Compliance Burden on Small Business Cybersecurity: Costs, Challenges, and Simplification Strategies. *Government Information Quarterly*. https://doi.org/10.1016/j.giq.2024.101948
What Did This Cybersecurity Research Find?
This cybersecurity regulatory impact study surveyed 800 small businesses about the cost and difficulty of complying with cybersecurity regulations (PCI DSS, HIPAA, state breach notification laws). Cybersecurity compliance costs for small businesses averaged $34,000 annually (6.2% of IT budgets), with 43% of small businesses reporting that compliance consumed security resources that would otherwise be spent on actual defensive measures.
Key Findings
- Average annual cybersecurity compliance cost for small businesses: $34,000
- Compliance consumed 6.2% of total IT budgets at small businesses
- 43% said compliance diverted resources from actual security improvements
- Small businesses subject to 3+ overlapping regulations spent 2.1x more on compliance
- Simplified compliance frameworks (like NIST CSF small business profiles) reduced costs by 35%
How Does This Apply to Cybersecurity Careers?
GRC consultants serving small businesses can calibrate their service offerings to realistic budgets. Policy designers can create compliance frameworks that balance protection with small business feasibility.
Who Should Read This?
Frequently Asked Questions
Where was this cybersecurity research published?
This study was published in Government Information Quarterly in 2024. The DOI is 10.1016/j.giq.2024.101948. Access the original paper through the publisher link above.