Evaluating cybersecurity risk is a daunting task, regardless of business size or primary function. The Ponemon Institue determined in 2017 that 58% of victims in data breaches were small businesses. Research using the National Institute of Standards and Technology (NIST) and its Cybersecurity Framework (CSF), this quantitative study will assess the cybersecurity posture of small businesses in Kentucky. By using a NIST designed assessment tool, security framework profiles can be determined based on particular security implementation scenarios and address the lapses in security. NIST based profiles will be assigned to identify opportunities for improving cybersecurity for these small businesse