SMEs are still not prioritising cyber-security
Small and medium businesses could be putting themselves at risk by not taking effective steps to protect themselves from cyber-attacks, a new survey claims.
A Barclaycard study found that only one in five SMEs said they view cyber-crime as a business priority. One in ten, meanwhile, admit that they have never invested in improving the security of their website. 16% said they only reviewed their security measures after falling victim to an attack.
The survey comes alongside a Select Committee report on cyber-crime that suggested the issue was worsening and could have serious implications for the UK economy. It found that 90% of large companies had experienced a cyber-breach at some point and that a quarter of businesses suffered cyber-breaches on a monthly basis or even more frequently.
The Select Committee report focused on big business but cyber-crime is an issue that is also increasingly affecting smaller businesses. According to the Barclaycard survey, almost half (48%) of the SMEs surveyed said they had been the victim of at least one cyber-attack over the past 12 months.
The costs involved can also be considerable, with the average attack costing smaller businesses anywhere between £75,000 and £311,000 in lost sales, business disruption, compensation pay-outs and other costs. This could mean the difference between a business that is already struggling staying afloat or requiring administration processes to gain some breathing space.
A slight majority (54%) of SMEs surveyed recognise that they could be at risk from cyber-crime but many say they lack the expertise to protect themselves adequately. Only 13% are confident that they know enough to protect themselves from cyber-criminals and just 15% are confident that they have adequate security measures in place.
Some 44% of SMEs acknowledge that the responsibility for protecting their business is in their own hands but others think third parties should do more. Nearly a quarter (23%) of respondents think their website host should provide support and 12% think it is the responsibility of their payment provider to protect businesses from attacks.
By Phil Smith