SME Cyber-Security: Understanding Is Your Best Defence

Shackleton Technologies

If you think a cyber-security breach isn’t going to happen to your company, think again. A recent study revealed a huge number of SMEs suffered data breaches last year… The danger isn’t going away – but does your company understand the risks?

There’s a common misconception that cyber-security doesn’t ‘apply’ to SMEs, that it’s only larger companies who really have anything to lose. This is an attitude we’re trying to change. One of the biggest risks to your company’s cyber-security is simply complacency: the false sense that you’re somehow protected from the kinds of disaster you see on the news…

Underestimating the threat

If that sounds like you, the recently released ‘2015 Information Breaches Survey‘ should be essential reading. The PWC survey took in 661 responders, and while it revealed that over 90% of large companies suffered security breaches in 2014, it also showed 74% of SMEs were also hit – that’s up almost 15% from last year, and costing around £785 million per year. Those breaches aren’t all on the scale of the well-publicized Sony hack, but that’s part of the problem: the size and shape of a cyber-threat can be hard to quantify, leading many MDs to underestimate their impact.

This problem is widespread. A report from insurance broker, Marsh, released earlier in June revealed only 18% of UK firms could admit to having a ‘complete understanding’ of cyber threats and only 16% considered them a ‘top five’ risk to their organisation. Marsh’s research also picked up on PWC’s survey and speculated that the 10% of large companies that had not been compromised by an attack, were either very lucky or were just unaware that their security had been breached.

Misunderstandings

Cyber-crime thrives in this kind of culture: misunderstanding threats – what they are, what they can do, what they can cost you – is part of the problem we work with our clients to overcome. So what kind of misunderstandings and misconceptions are out there?

Size: cyber-threats only really grab the headlines when they affect big companies – which leads many small business owners to think ‘it won’t happen to me’…

- In reality, PWC’s research suggests SMEs are now at the top of the list of many cyber-criminals, who can cause between £65,000 and £115,000 when they strike.

Human error: most companies think that protecting against cyber-threats is a simple as not opening that suspicious email…

- In reality, modern cyber-threats have become nuanced and sophisticated – it’s likely your employees don’t have adequate training to deal with them, or are simply unaware of the threats around them.

Security costs: to many MDs, protecting their company against cyber-threats sounds expensive – so much so that it’s not worth the price of installation…

- In reality, there are plenty of ways to keep costs down and protect your company, including software customised to your security requirements – a much cheaper option than dealing with the costs of a serious security breach.

Recovery: many businesses believe the cyber-threat or the attack itself is their main concern – and once the threat is dealt with, it’s business as usual…

- In reality, cyber-threats have on-going and devastating effects on your company’s finances, performance and professional reputation. Disaster recovery can make all the difference to your survival should the worst happen.

Like any good product, your security measures should be tailored to ‘fit’ you, but since cyber-threats change their form constantly, it’s important that the way you deal with them be just as nimble. However confident you are in your company’s ability to deal with threats, there’s absolutely nothing to be lost in keeping yourself and your employees updated – not just technically, but by making the effort to understand exactly what it is you face.

If you’re looking for a way to understand cyber-threats, a good place to start is the government’s ’10 Steps To Cyber Security Guide’ or the ‘Cyber Essentials’ initiative.