The majority of small UK businesses are failing to take steps to protect themselves from data breaches, despite more than half registering concerns that their reputation could be damaged by an attack, according to new research from CSID.
The identity protection firm’s CSID Europe Small Business Research study found that 52% of small firms surveyed aren’t taking preventative steps to guard against cyber-attacks.
A further 85% said they aren’t planning to increase security budgets while fewer than 13% claimed they’re working with third party experts to build cyber-defenses.
Just 15% said they had a social media policy in place while less than half (47%) monitor what’s written about their brand online.
Yet there is a general awareness around the risks involved in failing to properly protect against attacks.
Some 53% of respondents said they were concerned about reputation damage, half said they were worried about undetected malware, and a third about phishing.
Disappointingly, just 3% said BYOD is a concerning threat.
CSID’s European MD, Andy Thomas, pointed out that the needs of small businesses are very different from those of their larger counterparts.
“They don’t have the budgets to support dedicated in-house IT security teams and there is often a lack of understanding about the options that are available to them,” he told Infosecurity.
“They are simply not being offered the right type of solutions, so they leave themselves open. In reality, it doesn’t have to be expensive or complicated to implement cybersecurity for a smaller organization of any kind.”
The findings of CSID’s research echo those of the recent PwC 2015 Information Security Breaches Survey, which claimed that 74% of UK small organizations had a security breach, up from 60% the year previous.
Just 7% of respondents to that survey said they expected budgets to increase next year, as opposed to 42% during the previous study.