SMEs Unprepared For Cyber Attacks

Small Businesses In The UK Are Not Prepared For Cyber Attacks, A Report Finds


Steven Beahan, Partner | +44 (0)114 294 7868

Small businesses across the country are not prepared for cyber attacks, according to a new report from Kaspersky Lab.

The internet security organisation's research showed that 31 per cent of respondents would not know what to do if they suffered a cyber breach tomorrow, while a further 40 per cent would struggle to recover data lost if such an attack took place.

Worryingly, a quarter admitted to Kaspersky they would not be able to retrieve any data lost in the event of an external security breach, raising questions about the UK's cyber defence protocols.

But some were confident that their small size meant they would not be targeted by hackers.

Just over 80 per cent of those questioned said their company was "too small" and "not worth targeting" by hackers, even though many of these firms had private personal data about their employees stored on computers, laptops and other devices.

Krill Slavin, UK managing director of Kaspersky Lab, said: "One in ten of those surveyed admitted that an IT security breach would probably cost them their business. This must be addressed, and quickly."

This view was backed by Alex Grant, head of fraud prevention at Barclays, who added: "Micro firms don't have to become IT security experts. Most of the time it's the IT equivalent of remembering to lock all the doors and windows when you go out."

Kaspersky advises that SMEs should ensure that all internet-enabled devices are protected by a secure password, even if equipment is company or employee-owned.

These passwords should be strong, and should include a mix of letters, numbers and symbols and should be different for each website or login portal - something many smaller firms neglect to educate their workers on at present.

The online security company is also urging SMEs to make backups of all important documents, as this is a key element in ensuring that a cyber security breach does not cause excessive disruption to operations.

Expert Opinion
For many businesses, having an online presence and offer services via the web is a fundamental part of functioning effectively in the 21st century and remaining competitive in their chosen marketplace.

"However, such operations are fraught with risks which companies cannot afford to ignore. Primarily, businesses need to have cyber security processes in place to ensure they are complying with their data protection responsibilities.

"Meeting regulations is absolutely vital, as breaches can impact on not only lead to regulatory action but also impact severely on a business’s reputation. Companies need to be protected and also aware of their core responsibilities in terms of compliance – and can gain an understanding of the latter from legal experts."
Steven Beahan, Partner