lolloj - Fotolia

UK SMEs have false sense of cyber security

Many small businesses have the mistaken impression that they are safe from cyber attacks and the huge damage they can cause

Almost three-quarters (74%) of UK small and medium-sized enterprises (SMEs) think they are safe from cyber attack, despite half of them admitting having suffered a data breach, according to a report by Juniper Research.

The research found that 50% of small businesses have suffered a data breach, two-thirds of them in the past year.

Most (86%) of the SMEs surveyed also think they are doing enough to counter the effects of cyber security attacks.

More than a quarter (27%) think they are safe from attack because they are small and of no interest to cyber criminals.

Windsor Holden, head of forecasting and consultancy at Juniper Research, said a cyber attack could cost a company millions of pounds in lost data, reputation, time and customers. “Yet our study shows that businesses believe they are far more secure than they really are,” he said.

When it comes to responding to a data breach, almost 90% of UK SMEs said they had a plan in place.

As for responsibility for cyber security, 33% of the SMEs considered it their IT department’s sole responsible to handle security threats and only one-quarter had a dedicated security executive at board level.

Board involvement is critical because all businesses need to expect the unexpected. In October 2015, TalkTalk suffered a data breach  that exposed the personal details of 155,000 customers.

Kristine Olson-Chapman, general manager at TalkTalk Business, said: “For us, cyber security is no longer just a technology issue, it’s a business issue for the whole company. Any business that has ever had a cyber attack will tell you they never expected it, even with all the processes in place. Businesses need to ask themselves what they need to do now to plan and prepare.”

Read more about cyber security for SMEs

Figures from Juniper’s research show that SMEs are addressing cyber security, but a lot more work is needed. Almost half (48%) have secure practice guidelines in place, 47% give secure practice induction briefings, 25% have a dedicated security executive, 27% conduct penetration tests to assess the likelihood of an attack, and 31% monitor emails for phishing attempts.

There is still naivety about the significance of a data breach, according to the report, which revealed that although 69% of respondents would contact someone immediately if they discovered a cyber breach, 18% would wait until the next working day if they did not consider it a big problem.

Read more on Hackers and cybercrime prevention