Sophos finds SMEs fail to take cyber threats seriously

Large numbers of SMEs are failing to take security seriously under the mistaken impression that the risk to their businesses has been overstated

Small businesses are leaving themselves exposed to security risks because senior management is failing to comprehend the potential risk that cyber crime could pose to their livelihoods.

Research from Sophos has indicated that of the 2,000 small businesses that were quizzed globally 58% did not view cyber attacks as a significant risk, even though the costs of being hit were much more already mounting in the sector.

The ostrich position seemed to be deeply ingrained the more senior the decision maker in an SME and there seemed to be some scepticism about the seriousness of the threats that were targeting smaller firms.

“The scale of cyber attack threats is growing every single day,“ said Gerhard Eschelbeck, CTO at Sophos, “yet this research shows that many SMBs are failing to appreciate the dangers and potential losses they face from not adopting a suitably robust IT security posture.”

The research highlighted some of the problems holding back bosses from  taking security seriously, including limited budgets and a lack of in-house expertise.

“Today in SMBs, the CIO is often the “only information officer”, managing multiple and increasingly complex responsibilities within the business,” said Eschelbeck. “However, these “OIOs” can’t do everything on their own and as employees are demanding access to critical apps, systems and documents from a diverse range of mobile devices, it would appear security is often taking a back seat.”

Read more on Data Protection Services