Small and medium-sized enterprises (SMEs) in the UK are facing many challenges with cyber security. Not only are they experiencing more pressure to safeguard their systems due to an increasing amount of business being conducted online, but they also have the added pressure of needing to ensure a ‘cyber-safe’ remote-working environment for employees.
Despite this increased threat, recent research from Defense.com finds that almost a quarter (24%) of SMEs in the UK spend nothing on cyber security, and a further 25% spend less than £1,000 a year.
So why aren’t small businesses doing more to protect themselves?
The ‘New Normal’
One unfortunate impact of the pandemic and working from home is an increase in cybercrime. Employees working from home or on their own devices have less security and safeguarding in place, making them much more likely to fall victim to malware (malicious software) and phishing emails, where hackers will attempt to steal sensitive data or login credentials. In some cases, once the files have been encrypted, the hackers demand a ransom from the company affected in exchange for the company/customer data accessed. This may all sound very technical and a bit farfetched, but ransomware is now the top cyber security threat that businesses face in the UK, making up 23% of all attacks.
These kinds of attacks can be detrimental to small businesses and can cause a loss of customers, revenue and could potentially even lead to organisations going out of business entirely. The effects of these heightened risks are being felt by SME’s, and the Defense.com research found that 35% of SMEs believe that the pandemic increased their exposure to cyber risk.
Cyber security sceptics
Despite the past 18 months being difficult to manoeuvre, SMEs report feeling self-assured in their decisions around cyber security and 55% said their business is healthy from all points of view (financial, cyber security, customer retention), with just under half (48%) believing their business could deal with a cyber security attack. Worryingly, this translates to only around one in ten (12%) of decision-makers saying that cyber security challenges are one of the biggest threats to business growth.
Will cyber security investment slow small business growth?
There is a consensus among the SME community that they aren’t the target of cyber-attacks, with 19% of SMEs agreeing that one of the main reasons they don’t invest more in cyber security capabilities is because they don’t think their business is under threat. Other reasons for not investing included business being too small (34%) and not thinking their business data is a target (19%).
There seems to be a false belief that investing in cyber security is at odds with growing a successful business. SME decision-makers believe the cost is prohibitive and would prefer to take on the risk, then the financial outlay. 35% of SMEs say their investors only care about growth and not cyber security and 41% of SMEs think investing in cyber security is too big a cost and would prefer to take risks.
British SMEs aren’t taking cyber security seriously, particularly as the threat is increasing due to many small businesses operating a distributed workforce for the first time. This is often no fault of SMEs themselves. Managing finances in a small business is an extremely difficult tightrope to walk, and up until now, cyber security has not been perceived as a priority or serious threat to warrant the investment (a mere 8% of SME leaders believe that a cyber-attack could result in the insolvency of their business).
However, a low-security budget and lack of cyber skills can seriously impact the competitiveness of SMEs, and a successful cyberattack has the potential to put an SME out of business. This means it’s time for SMEs to shift their thinking around cyber security and engage with some of the easy to understand and affordable options that now exist, in order to grow their business securely and in a cost-effective manner.
“
