Small firms and startups are often referred to as the “engine” of the U.S. economy because of their ability to create new jobs. For example, firms with fewer than 500 employees accounted for 63% of net new U.S. jobs created between 1992 and 2013.
Yet despite their importance to the economy, small firms often face difficulties accessing bank financing. These firms are typically opaque — that is, they don’t attract media or analyst attention, or produce lengthy financial reports. As a result, banks cannot rely on public information to assess loan applications from small firms. Instead, the firms must provide the bank with information demonstrating their creditworthiness. This process can be cumbersome and expensive for small firms.
In many cases, a bank can avoid imposing onerous reporting requirements on a firm by relying on its experience lending to similar firms from the industry or community to make loan approval decisions. In theory, this arrangement can make it easier for small firms to get credit.
Yet regulators pressure banks to collect more documentation from their largest exposures — precisely those areas where the bank has the greatest experience — a policy that can work to the disadvantage of small firms.
For example, a bank that has expertise in lending to small manufacturing companies might be the best able to access lending risk, and therefore make the soundest lending decisions on new businesses in this sector. But the bank’s expertise works against it since regulators require banks with heavy concentrations of loans in certain industries to collect even more documentation.
Starting in 2016, push comes to shove for small businesses under the Affordable Care Act, better known as Obamacare. As of January 1, small businesses, broadly defined as firms with 50 to 100 full-time employees, must comply with the ACA’s employer mandate and provide qualified health insurance to their workers or face stiff penalties. But this requirement poses a big threat to the financial stability of small employers—and not for the reasons you might think.
Obamacare includes a myriad of regulatory incentives and exemptions that define the parameters of the employer mandate. However, these have inadvertent consequences. Most important, exemptions in the ACA encourage small firms to self-finance their health care plans—that is, pay their workers’ health care bills directly, rather than covering them through a traditional insurance policy. Most large companies in America (above 3,000 employees) engage in self-funding, but that is done now by only about 16% of small companies of between 50 and 100 employees. According to my research, that number is set to rise.
It’s understandable that small companies see self-funding as the superior option. By financing their own health care plans, they stay exempt from the community rating requirements that restrict how much insurers may vary premiums based on factors like age and smoking status; they also stay exempt from the federal and state taxes on most health care premiums that are paid to traditional insurers.
If you wanted to hack a business, which one would you pick: A Fortune 500 company with a large digital-security budget and a team dedicated to protecting its cyberassets? Or a small enterprise that doesn’t employ a single IT security specialist? Of course hackers are equal-opportunity criminals, but you get my point.
Security breaches at big companies such as J.P. Morgan,Sony and Home Depotdominate the headlines, but safety measures are crucial for organizations of all shapes and sizes. According to the 2012 Verizon Data Breach Report, 71% of cyberattacks occur at businesses with fewer than 100 employees. The average cost of a data breach for those small businesses is $36,000.
We can no longer assume that hackers are solitary figures sitting in basements fiddling with their laptops. They may be members of organized-crime groups or employed by nation states, and they have resources that can destabilize entire companies and countries. These hackers constantly look for Internet vulnerabilities. They break through firewalls, infect machines, and use phishing schemes to gain access through emails to people’s passwords and Social Security numbers. They can then leverage weaknesses in applications to cause a database to output its contents.
So what can the owner of a small business do to defend himself? Here are some tips.
A few years ago I was working with a small consulting firm, and one of our up and coming salespeople left for a competitor. No big deal. It happens. But several months later, the management team noticed a disturbing trend. The company kept losing bids for new business to this very same competitor. It had happened four times in a row when finally we realized that we’d forgotten to turn off the former employee’s network access. He had been logging into our network, stealing our information, and then undercutting us. Read More »