Vertical Markets

Small businesses at risk

by Mark Rowe

Small businesses are at risk from cybercrime by not putting adequate protection measures in place. That is according to new research from Barclaycard.

A survey of 250 small businesses found that just one in five (20 per cent) see cyber security as a top business priority, while one in ten (10 per cent) have never invested in improving the security of their website. This is despite the impact of a cyberattack costing UK small businesses on average between £75,000 and £311,000 in lost sales, business disruption, recovery of assets, fines and compensation.

As a result of not taking measures to protect themselves, businesses are leaving themselves open to potential threats. Almost half (48 per cent) have been hit by at least one cyber-attack in the past year, with one in ten (10 per cent) experiencing more than four attacks. Almost one in five (16 per cent) admit that they were only prompted to review their cybersecurity when they were hit by an attack.

The research found a majority (54 per cent) of SMEs are concerned that could be at risk from an attack, but many lack the knowledge and expertise to know how to better protect their business online. Only one in eight (13 per cent) claim to be confident that they understand enough about cybercrime to protect their business, and just one in six (15 per cent) are very confident that they have adequate measures in place.

Despite their lack of expertise in how to mitigate against cybercrime, more than four in ten (44 per cent) of SMEs acknowledge that the responsibility for protecting their company online lies in their own hands. However, support from third parties is also key. A quarter (23 per cent) admit they lean on their website host and see it as their responsibility to provide support and more than one in ten (12 per cent) think it is the responsibility of their payment provider to protect businesses from an attack.

Paul Clarke, Product Director at Barclaycard, said: “Businesses of all sizes face a constant and growing threat from cybercrime. As our research shows, many small businesses are failing take the necessary precautions, either because they don’t know how to protect themselves or, more worryingly, because they don’t think they need to. At Barclaycard we work with our customers to ensure they are aware of the growing threats they face and understand how they can protect themselves from cyber threats. Cybersecurity is not a one-off investment that can then be forgotten about, especially as criminals are becoming increasingly sophisticated in the way they target businesses. For fifty years we’ve been working in partnership with customers to ensure they are not only putting the right measures in place from the outset, but are also continuously reviewing their policies to keep up with the latest industry developments.”

Visit: https://www.barclaycard.co.uk/business/accepting-payments/payment-security.

Comments

Stephen Love, Security Practice Lead – EMEA at Insight said: “Today’s news that only a fifth of SMEs rank cyber security as a top business priority is worrying. No matter their size, small businesses need to take proactive steps to protect their assets from cyber-criminals. Today, cybercrime is a well-organised, well-run machine and no business, large or small, is exempt from the threat. For individuals and businesses to fight back, they must first understand what they can do to protect themselves. This can be as simple as updating their operating systems. You will be surprised how many small businesses are still running old operating systems on their IT networks like Windows 2003. Any servers still running this programme cannot host new antivirus software and remain unpatched, so are vulnerable to attacks. Furthermore, in today’s age of big data, it is crucial businesses look at what portion of their data is most valuable and needs closer security attention. By carrying out a thorough assessment as to what data is uniquely distinct to the organisation, discovering if and how it is at risk and putting in place security measures accordingly, every organisation can feel confident they have the best defensive measures possible in place and that if the sensitive data does end up in the wrong hands, it will be rendered useless. This, alongside a robust education programme, will give consumers trust in the organisation and more confidence in their own online dealings.”

Geoff White, underwriter at insurance market Lloyd’s, said: “The Barclaycard survey findings that SMEs are still not prioritising cyber security is disappointing. Although many UK businesses are not aware of how exposed they are, technology is so fundamental to how businesses run that cyber is a risk regardless of size or industry. There’s no such thing as perfect cyber security, and, with the introduction of the new EU regulations, small businesses will be financially impacted. We know it’s now a matter of “when, not if” a company suffers a cyber-attack or breach, but they shouldn’t be company-ending events. Businesses should look towards wider protection, including cyber insurance, to protect their balance sheet and help get them back on their feet.”

David Navin, Head of Corporate at Smoothwall, said: “When it comes to security, it is unsettling that so many SMEs are not making it their top priority, especially as two thirds of SMEs have been victim of cybercrime in the past two years alone. It is hugely naive of them to feel that they are not at risk from cyber attacks, when they are just as much in the firing line as larger companies. In fact SMEs are not only an appealing option to hackers, they are often an easy one, especially with the majority of SMEs holding large volumes of data, making them a very attractive target to a hacker but they are also frequently part of supply chains and could therefore be the backdoor for hackers to gain entry to larger companies.

“It is now not about if an attack occurs, but when. SMEs need to ensure that they have a robust security system in place in order to mitigate the risks and protect their data and that of their partners. While security regulation may not always directly impact SMEs, often directed at large organisations, they must take a proactive stance. Not only will it protect them now – but if they are seen as a security weakness, they will be a less attractive partner for large companies. Suddenly, security impacts SMEs bottom line and growth prospects. In taking a smarter approach to cyber security, SMEs protect their future – readying themselves for growth and making themselves a watertight part of a cyber defence strategy.”

And Andy Herrington, Head of Cyber Professional Services at Fujitsu UK and Ireland, said: “With only a fifth of small businesses ranking security as a top priority, the majority need a severe awakening. Many small businesses may not see themselves as a target due to their size, but the fact is that small businesses are the target of 7m attacks a year and so need to be vigilant and make it a top business priority. Small business are often part of larger organisations’ supply chains and are therefore a target entry point. Successful small businesses should recognise that good basic security practice is a ‘differentiator’ for them as a supplier and will be key in building the trust of their clients.

“Implementing a basic security framework through understanding the threat will allow small businesses to get on the front foot in combating attacks, ensuring that these threats don’t escalate into major issues. In parallel, small businesses need to look at embedding baseline security education early on to ensure everyone is engaged and part of the overall organisational resilience. This should also be seen as an investment in the company’s growth plan as getting good security practice baked in when you are small is better than trying to applying it to a much larger organisation, as you can set the culture early on in the company’s lifecycle.”

Related News

  • Vertical Markets

    Payment Watch scheme

    by Mark Rowe

    BOSS, the British Oil Security Syndicate, is featured in the December 2015 print issue of Professional Security magazine. The loss prevention membership…

  • Vertical Markets

    ATM warning

    by msecadm4921

    Police are warning residents to be vigilant when using cash machines to withdraw money. Criminals travelling across West Yorkshire and into neighbouring…

  • Vertical Markets

    Padlocks for airport

    by Mark Rowe

    LOCKEN, the smart key product company, reports providing Palma de Mallorca Airport with access control. As the third largest in Spain, Palma…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing