Small and medium sized business breaches (a medium business is 50 to 250 employees) have increased by 10% over the last year – and they can cost companies up to 6% of their turnover, “when they could protect themselves for far less,” suggests the UK’s Department for Business, Innovation and Skills (BIS).
The Technology Strategy Board, an agency sponsored by BIS and with a total pot of £500,000, is extending its Innovation Vouchers scheme to both small and medium businesses for grants of up to £5000. The purpose is to fund external help and consultancy in security. “Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack,” said David Willetts, the minister for universities and science. “But there are simple steps that can be taken to prevent the majority of incidents.”
Apart from the grants for outside advice, BIS will be publishing security guidance for small businesses. Mike Cherry, the national policy chairman for the Federation of Small Businesses (FSB) welcomes the move. “The FSB is very pleased to see the Government announce a package of measures including specific guidance for small firms, helping them take steps towards more effective cyber security,” he said. Information security should be part and parcel of good business practice. We need to cut through the jargon to give straightforward and practical advice, to help businesses put in place protections in their business.”
In terms of numbers, SMEs comprise almost 99.9% of all UK businesses. There are more than 4.5 million individual SMEs in the UK (BIS figures). If the total pot was distributed evenly, each SME would receive £9 towards improving its security. Andrew Beckett from Cassidian (one of the four companies taking part in CESG’s Cyber Incident Response Scheme) believes the government could do more to prevent small businesses being targeted by cyber crime. “This scheme will help SMEs to kick start their own cyber defenses,” he said. But he added, “It is clear that the cyber threat is now affecting SMEs who are simply not prepared or given enough support to deal with such a serious problem.”