Small businesses often display a lack of concern towards cybercrime and information security problems. A lack of concern usually results in delayed or incorrectly implemented security measures, which increases vulnerability to cybercrime. This paper presents an empirical study of 122 small business owners from the state of Hawaii with regards to their information security concerns. These results are compared with earlier studies conducted in 2000 and 2003. The results of this study showed a significant evolution of information security issues within small businesses. This research suggests that small businesses leaders need to demonstrate leadership, technical knowledge and actions to broaden their preparation against a range of information security issues and problems. The findings may be applicable to small business leaders who proactively search for a cost-effective and optimal combination of leadership styles, technologies, and policies that will mitigate the evolving threats of cybercrime and information security problems.