A large number of small businesses are failing to put enough focus on developing their cybersecurity, according to new figures put forward by global payment giant Barclaycard.
Its survey of more than 250 small companies revealed that as little as one in five (20%) viewed cybersecurity as a top business priority, despite almost half admitting to falling victim to a cyber-attack within the last 12 months and 54% saying they are fearful of being at risk of being hit.
A key factor could be a lack of knowledge about how to prepare a strong security posture in the first place (just 13% of those polled claim to be confident that they understand enough about cybercrime to protect their business), but when you consider that government research has found the average cyber-attack on a small business can cost anything between £75,000 and £311,000, these findings are particularly concerning.
“When it comes to security, it is unsettling that so many SMEs are not making it their top priority, especially as two thirds of SMEs have been victim of cybercrime in the past two years alone,” said David Navin, head of corporate at Smoothwall.
Small business are just as much in the firing line as larger organizations, argued Navin, so it is naive of them to not consider cybersecurity to be a top priority.
“In fact SMEs are not only an appealing option to hackers, they are often an easy one, especially with the majority of SMEs holding large volumes of data, making them a very attractive target to a hacker but they are also frequently part of supply chains and could therefore be the backdoor for hackers to gain entry to larger companies,” he added.
These were sentiments echoed by Andy Herrington, head of cyber professional services at Fujitsu UK and Ireland, who said:
“Successful small businesses should recognize that good basic security practice is a ‘differentiator’ for them as a supplier and will be key in building the trust of their clients.”
“Implementing a basic security framework through understanding the threat will allow small businesses to get on the front foot in combating attacks, ensuring that these threats don’t escalate into major issues. In parallel, small businesses need to look at embedding baseline security education early on to ensure everyone is engaged and part of the overall organizational resilience. This should also be seen as an investment in the company’s growth plan as getting good security practice baked in when you are small is better than trying to applying it to a much larger organization, as you can set the culture early on in the company’s lifecycle.”