Just One Third of UK’s Small Firms Have Security Strategy

Written by

A third of the UK’s small companies have no cybersecurity strategy in place, according to new research designed to raise awareness among the business community.

Membership organization Business in the Community (BITC) commissioned YouGov to poll over 1000 employees from small and medium-sized businesses about their attitudes to cybersecurity.

While 30% of small firms with under 50 employees claimed not to have a security strategy in place, the number fell to just 4% for medium-sized business (50-249 employees).

Equally concerning is the fact that just over a third (35%) of SMBs said they had a basic data protection policy in place, while even fewer (29%) claimed to have a policy for controlling access to systems.

This is despite the advent of the GDPR almost a year ago, which could levy fines for non-compliance. An estimated 59,000 businesses across the EU had reported security breaches to regulators as of February, according to DLA Piper.

Those in the legal, and IT and telecoms sectors appeared the best prepared, with just 8% in each group claiming to have no security measures in place. At the other end of the scale, retail (43%), construction (39%) and real estate (36%) firms were most likely to have no security in place.

The research was launched to coincide with the start today of Would You Be Ready? Week, an initiative designed to improve the resilience of SMBs to cyber-related threats. This matters, as over 99% of UK PLC is technically comprised of small businesses.

“Anyone in business today needs to make sure they are cyber-risk aware,” argued Nominet head of cybersecurity, Cath Goulding.

“In addition to a strong portfolio of up-to-date and relevant security tools, to best prepare, cybersecurity needs to become part of company culture with everyone working towards the same goal — from the receptionist to the senior team.”

What’s hot on Infosecurity Magazine?