SMEs failing to address cyber threats despite risks

Small to medium enterprises are failing to prepare adequately to address cyber threats – despite the risks – because of a false sense of security, particularly in the UK, a survey has revealed.

TIVA’s partner entrustIT are an ISO 27001 and 9001 certified company, the globally recognised industry standards of data security and quality management – entrustIT understand the importance of keeping customer data safe and providing an unparalled service. http://www.entrustit.co.uk/security-2/

Despite the WannaCry and Petya global cyber attacks, only 42% of SME IT decision makers polled in the UK, US and Australia are concerned about ransomware.

A survey instructed by Webroot who are a security firm, they found that ransomware ranked lowest amongst concerns, with malware infections topping the list, it was then followed by mobile and phishing attacks.

That said, the research Webroot did from June 2017 based around threats actually came from a mixture of businesses, not surprising it revealed over 60% of businesses have been affected by ransomware, in particular the retail and financial sector being hit the worst.

Interestingly in the UK, the research highlighted a false sense of security amongst those responsible for making IT decisions. That is with 72% of UK respondents admit their businesses are not ready to address external threats and 87% are confident their staff would be able to address or eradicate and issue.

When a business suffers a cyberattack, the ramifications are felt both internally and externally, this is according to a survey report by Webroot.

Nearly 58% of UK replier’s in comparison to 65% globally, firmly believe it would be more challenging to build back up a company’s public image than to restore employee trust and morale.

Highlighting the requirement for proactive security solutions, replier’s estimated a cyber attack on their business where customer records or critical business data were lost would cost around an average of £737,677 in the UK compared with an overall average of £773,483.

In order to address the growing threat, almost all respondents plan to increase their annual IT security budget in 2017 compared to 2016, this is according to Webroot’s threat report.

The survey revealed SME businesses in the 100 to 500 employee bracket currently manage their IT security in numerous ways. In the UK, 22% of SME’s have in house personnel who look after the IT security along with other job functions compared with the average of 20%.

A 1/3 of UK SME businesses use a mixture of in-house and outsourcing IT security support, this is in comparison with the average of 37% while 25% have an in-house dedicated IT security professional and or team, again in comparison with 23% on average.

92% of UK respondents believe by outsourcing their IT solutions they feel they would be better protected as an organisation against threats giving them the ability to increase their bandwidth to address other areas of their business, compared with an average of 90%.

Using a third-party cyber security provider

Amongst those businesses that do not currently outsource their IT security, 82% of UK SME’s will likely use a third-party provider for cyber security in 2017, with an average of 80%, this shows a huge opportunity for managed security service providers.

“The lack of concern about ransomware is leaving a gaping hole in the security of global businesses,” said Adam Nash, regional manager for Webroot in Europe.

“This combined with the UK’s false sense of security when it comes to businesses’ ability to manage external threats is worrying,” he said

According to Adam Nash, SME’s cannot afford to put security on back burner any longer and they need to start looking into the issues and trends affecting the industry.

“Enlisting the help and expertise of an MSSP is one way to implement a secure, layered approach to combat external threats,” he said.

Many SMEs fear cyber security attacks

Michael Donkin is the director of an IT support consultancy firm called The IT Dept, he says many SME businesses are concerned about cyber security attacks, but don’t always address those concerns as fully as they should do, which comes out of the survey.

Better, safer practices could be utilised by most of our clients, but immediate budgetary concerns can take precedence,” he said.

Donkin recommends that SMEs combing “front line” antivirus protection with other elements, such as anti-spam measures, firewall configuration, a quality data backup solution, employee awareness, and a “healthy dose of common sense.”

Lack of planned investment

The Webroot reports comes days after insurance form Zurich published a report on a survey of 1,000 UK SME’s, it showed that around 49% of SMEs plan to spend £1,000 or less on their cyber defences in the next 12 months and nearly a quarter do not know how much they will spend yet.

It is surprising the lack of planned investment in cyber defences with the increase of attacks happening, along with associated costs of those attacks and the fact that strong cyber security has the potential to give SMEs an opportunity to stand out from their competitors, around 1 in 20 claim to have gained an advantage over a competitor due to the strong cyber security credentials.

This is a trend that has been confirmed by a separate survey of SME’s by security e-learning firm CybSafe, it showed that around half of SMEs canvassed now have cyber security conditions included in contracts with enterprise customers in the past 5 years, one in third of respondents interestingly enough have said they have had their cyber security questioned as part of winning contracts in the past year.

TIVA’s partner entrustIT are an ISO 27001 and 9001 certified company, the globally recognised industry standards of data security and quality management – entrustIT understand the importance of keeping customer data safe and providing an unparalled service. http://www.entrustit.co.uk/security-2/