Six in ten SMEs have no regular access to IT security experts
A skills gap in security experts within IT could be putting businesses at risk, according to a new report.
The survey, by IT services firm Spiceworks, also found the problem was worse for smaller and medium enterprises than for larger companies. 59% of smaller businesses (defined in the study as those with fewer than 500 employees) reported that they had no regular access to a security expert.
This did not just apply to internal security experts but also to third-party contractors and managed security services. It was less of an issue but still a significant concern for larger companies with 500 or more employees, where a third of such businesses had no access to a security expert.
Business leaders are coming round to the idea that cyber-security is important but it could be argued that it is still not being given the attention it deserves. Almost three-quarters of chief information security officers (CISOs) and senior IT leaders across the UK and US said that cyber-security should be a top priority for 2016, but that still left more than a quarter who didn’t.
More than half of CEOs also agreed that security should be a priority. That still leaves a large amount who are failing to prioritise what could be a huge threat to their businesses. A study by IBM and Ponemon found that the average cost of a data breach to global businesses stood at $4 million (around £2.8 million at the time of the study’s release). In the UK specifically the figure was £2.53 million.
The cost was substantially lower for small businesses but they are frequently less well placed to absorb the costs, which could easily tip many into insolvency or towards a company voluntary arrangement. According to government figures, the average cost of a data breach to UK SMEs is around £310,000.
The Spiceworks study reported that there is expected to be a global shortage of 1.5 million IT security experts by 2020. It suggested that internal training could be one solution but found that 57% of employers were not fully on-board and would require further convincing.
By Phil Smith