igor - Fotolia

Samsung study warns startups to up their security stance

New report finds small businesses must do cyber security better if they want to work with large enterprises

There is a gap between the approaches to security adopted by enterprises and startups, according to the Big + small study from CCS Insight for Samsung.

Nicholas McQuire, vice-president of enterprise research at CCS Insight, said in the report that attitudes to risk often shape how organisations approach security.

“Large organisations and startups are different,” he said. “Startups are often in a fast-growth stage, so they are more likely to embrace risk on every level because, as an early-stage venture, arguably the entire business is at risk. As a result, startups typically take a more laid-back approach to data security. They lack data security procedures and often don’t make it as much of a business priority compared with their larger counterparts.”

The study found that half of enterprise decision-makers list security – and device security in particular – as one of the biggest priorities for investment in mobility and workplace technology in 2017. In small companies, just 30% say security is one of their top business priorities.

Similarly, 59% of decision-makers say data security is one of the top three challenges alongside mobile technology in their organisations, while only 27% of startups cite data security as one of their top three challenges.

According to CCS Insight’s survey, fewer than one in five employees in small businesses are given training on security threats, and security training is three times more likely in larger organisations.

“This lack of focus on security among smaller organisations is a concern when escalating cyber attacks and more rigorous compliance are increasing the pressure, especially on those lacking the skills, working practices and capabilities to cope,” McQuire said in the report.

The security gap could become a barrier preventing startups working securely with large businesses.

Phil Lander, head of B2B at Samsung Europe, said: “Large businesses and small startups have realised their future success depends on the ability to collaborate with each other, but true collaboration must go beyond signing up to a partnership.”

Read more about small business cyber security

The high proportion of mobile workers in small firms increases the risk from mobile malware, which CCS Insight estimates has doubled over the past two years. And Europe’s General Data Protection Regulation will come into effect in May 2018, bringing heavy financial burdens for those unable to protect personal data and report data breaches within 72 hours.

“Small businesses will need to address these diverging approaches to security,” said McQuire in the report. “How well they protect themselves against these threats will play a significant role in their success.”

As Computer Weekly has previously reported, London is calling on the cyber security community to help keep the city’s more than one million small businesses safe from cyber crime.

Read more on Security policy and user awareness