Author Bio ▼

IFSEC Global is the online community for the Security and Fire industry. Our market-leading live events span the globe, connecting buyers and sellers.
October 20, 2017

Sign up to free email newsletters


The Video Surveillance Report 2021


UK SMEs are negligent – and complacent – when it comes to cybersecurity

UK SMEs are neglecting their cybersecurity practices – ultimately, placing themselves, their data and their business at risk of cyber-crime, a study by Xperience Group has found.

The findings concluded that 70% of businesses felt there was room for improvement when it came to their business’ data, with 40% admitting they did not have a cybersecurity strategy in place.

This is despite the fact that 84% said that they have a dedicated employee charged with managing IT and cybersecurity.

IT infrastructure and business support company Xperience Group, through director of cloud Services & Infrastructure Richard Kennedy, provided the following comment on the findings:

“Unfortunately, it’s not surprising that 40% of SMEs don’t have a security strategy in place, especially as businesses are more vulnerable than ever to an attack, due to the evolution of the threat landscape.

“Employee education, training and the implementation of technologies such as automated patch management, intrusion prevention and anti-virus/malware services are of paramount importance.”

Despite the risks, only 53% admitted to conducting a security audit on their system in the past three months

With cyber-attacks on the rise and many high-profile businesses, as well as SMEs, finding their data compromised, it seems that the rising threat level is not enough to give businesses the push they need to take greater care over their IT security.

About half (51%) revealed that their business is at risk of a cyber-attack, with 92% admitting that they had experienced a data and/or security breach in the past six to 12 months.

Auditing negligence

Nevertheless, a majority of businesses have confidence in their preparedness. Some 67% said they felt ‘somewhat prepared’ to deal with such a cyber incident, and 87% were confident in the current security systems and protocols they have in place to prevent attacks.

Such confidence jars somewhat with apparent widespread negligence in auditing systems for vulnerabilities.

Despite the risks posed from a cyber-attack and the concern that businesses have over their security practices, only 53% admitted to conducting a security audit on their system in the past three months, with 11% saying that they could not remember the last time they had done so.

The General Data Protection Regulation (GDPR), which comes into force in May 2018, requires that businesses must appoint a data protection officer if handling sensitive data on a large scale or monitoring EU citizens’ data.

If breaches occur, they need to be reported to an appointed authority within 72 hours of detection. Organisations must also only process personal data when necessary and ensure that they have the correct systems in place to safeguard data.

GDPR is set to transform how data is handled. For businesses exposing themselves to great risk of cyber-crime through mismanagement and poor practices could be landed with a fine that is potentially 79 times higher than those levied under the existing data protection regime.

Furthermore, with government estimates finding that an attack can cost businesses between £75 and £311,000 through a combination of compensation payouts, disruption and lost sales – cybersecurity is an area which businesses cannot afford to ignore.

Related Topics

Notify of
Inline Feedbacks
View all comments