Almost this exact comment appeared on the blog this morning, wondering why I thought businesses would close when so many this year managed to come out the other side. I didn’t go into too much detail, but the expectation of closure comes down to multiple factors.
I need to find the source to quote, but a UK government report from 2013 determined that hundreds of small businesses had closed in the 2010-2012 period due to what it called “Cyber attacks and security vulnerabilities”. This figure was growing, and the majority of these companies were in the IT sector. The main reasons for closure included:
- Loss of consumer confidence
- Loss of vendor confidence
- Cash flow issues
The lack of confidence, which I think is what most people think about during these things, is actually the easiest to manage, because it’s something you can proactively address, and it ultimately boils down to good communication.
Cash flow, on the other hand, is not normally something a company, especially a small one, has as much control over as it would like. This is the real killer. Most WordPress companies are not large; even our larger agencies are still small/medium businesses, with a couple of larger companies. While it’s not true for everyone, a large portion of WordPress “companies” are not cash rich: they are either expanding rapidly, shrinking rapidly or stagnating. It’s unusual to see steady growth within the WordPress world currently (though there are exceptions).
Consequently, when something bad happens, a business may not have the money to hire the expertise it needs to get back up. Some will already have that expertise, an advantage of being in a technical sector, but not all. The cost of dealing with a hack can easily be 5 digits, and even with the best will in the world you will be hit with some loss in consumer confidence, denting any growth short term.
The really small might survive with a head-in-the-sand approach, and the larger will survive on reserves. Those stuck in the middle, and here’s the kicker, those who do everything right, who formed the company, pay the taxes, pay insurance, pay the security firm to make sure it’s safe etc., are the ones who get hit hardest.
The final area is one where I’ve not heard of a WordPress company being hit yet, at least not for a security breach, and that’s litigation.
This can come from consumers, but more likely from a government department such as the ICO (Information Commissioner’s Office) here in the UK. Data breaches can cost a fortune in fines, which come on the back of any other money paid out. Investigations are time consuming and costly regardless of the outcome. While the ICO does not make a habit of going after small businesses, it has targets like everyone else. If you are the unlucky business that lands on the officer’s desk at the wrong time of the month, then your size doesn’t matter.
Here’s the second kicker: because you are a small to medium size business without corporate legal counsel on staff, you can’t get around the red tape, put it off etc., as larger companies can. So while you won’t be sitting with large fines and bad press, you have a significantly higher chance of being found guilty, even though you may well have far more stringent practices than larger companies.
This is made worse because (at least in the UK), if you had any practice in place, it’s the shortfalls not in what happened but in your agreed practices and paperwork that matter. Most businesses could take every precaution but, without a supporting paper trail, be deemed to have taken none.
It gets worse: that insurance you took out probably doesn’t cover such investigations, and insurance companies often won’t pay out without the correct paperwork. This has left me in the most uncomfortable position in the past, where I’ve had to report to the insurance company that procedure hadn’t been met due to a lack of associated compliance documentation, where the business had taken very reasonable precautions and a bit of bad luck and a grumpy ex-employee caused all the issues. It’s a horrible circumstance to be in, and it is an unpleasant moment when you know they did things right but some guy in an office is about to invalidate their insurance.
So that’s all very generic, why do I think it’s going to boil down in 2015?
Well, we have a lot of small businesses in the WordPress world; most are still bedroom spare-time projects. A few are migrating to forming companies etc., and this trend appears to be growing.
The technical expertise and barrier to entry seem to be lowering. These companies are no longer developer focused but often very sales focused, with limited technical support.
More and more e-commerce focused plugins and companies are forming around WordPress, most with limited understanding of where their liability stops, or indeed any understanding of the compliance issues.
Certainly in the EU, litigation and compliance are becoming a greater threat to companies.
The combination of factors means we are likely to see small, fast-growing, not cash-rich companies in the EU doing the right thing, while also seeing an increase in security vulnerabilities both within software and on sites.
It’s a building storm and one that feels inevitable.
To give you some background on where I’m coming from, I worked in the e-commerce sector and have worked alongside PCI assessors and for underwriters, providing expertise on e-commerce and security. My former company also built one of the first commercial plugins for WordPress, which was membership software with all the legal joys and massive insurance premiums of providing software that powers people’s businesses, with over $1m/month in processing from our combined customers (not us, sadly) going through.