By John Hill

I've recently seen a number of posts by "Cybersecurity Experts" saying that even at CMMC Level 1 it's too expensive for small businesses to comply with and in my humble opinion that's absolute hogwash.  I've also read that some of these experts are saying that CMMC as a whole is just a paper exercise with no real applicability in the real world of business or cybersecurity and that is absolutely incorrect because complying with the model requires the implementation of processes, procedures, training and real hardware and software for cyber protection.  All businesses of any size must have at least the basic cybersecurity protections in place that Level 1 certification requires and since the Defense Industrial Base is a prime target for hackers trying to find a path into the Department of Defense networks it's even more critical that they protect themselves and DoD.

According to an article originally published on October 13, 2019 and updated March 9, 2020 in the CNBC Small Business Playbook, forty-three percent of cyberattacks are aimed at small businesses, but only 14% are prepared to defend themselves, according to Accenture.  These incidents now cost businesses of all sizes $200,000 on average, reveals insurance carrier Hiscox.  More than half of all small businesses suffered a breach within the last year.  Today it’s critical for small businesses to adopt strategies for fighting cyberthreats.  Sixty percent of businesses that have been victimized go out of business within six months.

I see similar or identical statistics reported by many different organizations and publications from across the country.  Small businesses must spend some money whether they want to or not, to implement and maintain cybersecurity practices to protect their business as well as their supply chain and business partners and associates.

The cyber threat is real and according to all national statistics I've read it's growing almost exponentially.  The Cybersecurity Maturity Model Certification (CMMC) program is a critical step in the right direction and while not being cheap to get and maintain the certification it's money well spent and will save and/or make the DoD contractor far more that it’s cost when you look across the long term value of most contracts.

TechSage Solutions is a Managed Technology Solutions Provider and CMMC Registered Provider Organization.  We have been in business over 20 years helping small to medium sized businesses with their information technology and cyber security needs and have developed our web site to provide DoD contractors with timely and critical information about CMMC.  We can help you along your journey toward CMMC success.  You can go to to request a FREE initial consultation to get started on your journey.  Our CMMC Registered Practitioners are standing by and ready to assist you.