- Security TWENTY
- Women in Security Awards
Almost half of UK small to medium-sized businesses (SMBs) believe a cyberattack would put their business at risk of closure, and 48 per cent of businesses report they have had to de-prioritise activities that would help grow their business, to address cybersecurity.
That is according to a report, “Size Does Matter,” on the challenging climate for UK SMBs in a time of rapid political, economic and social change for the cyber product company Webroot. Second only to Brexit, cybersecurity threats are the biggest source of uncertainty, it’s suggested. As a result, SMBs are spending almost an entire working day (18 per cent of their time) a week on cybersecurity related tasks, according to the study.
Almost half (48pc) have suffered a cyberattack or data breach in their lifetime, with over one in seven saying this happened more than once. Of the businesses that had been targeted, 70 per cent were used as an entry point into a larger enterprise system they supply to. Nearly half (48pc) of the cases negatively impacted relationships, with one in five (22pc) admitting they are no longer a supplier as a result.
UK SMBs see clear business benefits to cybersecurity investment. A half (52pc) believe investing in cybersecurity drives innovation, and 58 per cent believe it increases productivity. One in four (28pc) say cybersecurity could increase their revenue and attract new customers. Nearly two-thirds (64pc) believe that being smaller enables their business to react more quickly to industry or political change than larger enterprises. Three-fifths (61pc) think their employees are quicker to flag potential cybersecurity issues than at larger enterprises. Yet, 40pc believe cybersecurity policies and threats restrict SMB growth more than larger enterprises
Paul Barnes, Senior Director, Product Strategy, Webroot says: “SMBs can no longer consider themselves too small to be targets. They need to use their nimble size to their advantage by quickly identifying risks and educating everyone in the business of how to mitigate those risks, because people will always be the first line of defence. Working with the right cybersecurity partner or managed service provider (MSP) to develop the right strategy for their size will allow smaller businesses to prioritise the activities that matter most and help them grow.”
Theo Paphitis, Business Entrepreneur and #SBS Small Business Sunday Creator adds: “This research from Webroot shows that SMBs can no longer afford to believe they’re too small to be targeted. But it’s clear there needs to be a balance. It’s concerning that smaller businesses have had to deprioritise activities that would help them grow in order to address security issues. Educating small businesses on cybersecurity and helping them get the right support to address challenges is crucial. Small businesses are in the unique position to act quickly and be more flexible than their larger counterparts.”
Tips for SMBs:
Security awareness training can’t be a tick-box activity for SMBs. It needs to be continual so cybersecurity stays top-of-mind and user error is minimised.
SMBs need to leverage both next-generation endpoint protection and network protection to ensure they are covering the gaps that cybercriminals and hackers deploy to compromise businesses.
Phishing is a favourite technique amongst attackers. Make sure employees are confident in identifying the different types of attack. Security awareness training that incorporates phishing simulations, ensures that people, processes, and technology are all harnessed effectively together to stop cybercriminals.
Every business has different risk factors. If you don’t have the expertise, get an independent security audit or your MSP to help assess your security posture. Work to develop a plan for adequate ongoing risk mitigation. Look at your GDPR exposure and follow guidelines to ensure the appropriate mitigation criteria are met.
Plan for the worst. Create a data breach response plan.
A survey of 501 IT decision makers in companies with one to 500 employees was by Censuswide in January 2019.