


Inertia and a lack of time or specialist skills mean many SMBs remain woefully underprepared for a cybersecurity breach

With a multitude of daily business and operational challenges to juggle, it’s no surprise that cyber security often slips down the SMB agenda. But as the Verizon 2016 Data Breach Investigations Report reveals, one-third of businesses that experienced data loss from a cyber attack in 2015 were SMBs.


Despite acknowledging news stories about attacks on large corporations and big brand names, SMBs often have a misplaced belief they are too small to present a tempting target. But with fewer defences, SMBs represent rich pickings for digital attackers. Indeed, according to the UK’s Federation of Small Businesses (FSB), smaller businesses are collectively attacked seven million times a year, costing the UK economy an estimated £5.26 billion.

In response, some SMBs have adopted a ‘we’ll deal with it, if and when it happens’ stance, accepting they will just have to take the hit of paying criminals to regain access to their data or files. But this approach assumes cybercriminals are honourable and will release their malware grip – and won’t be back for a second bite sometime soon.

It also ignores the reality that the cost implications of an attack extend way beyond the ransom payment itself. SMBs will also need to factor in the hours of lost workforce productivity, loss of customer confidence and reputational damage.

While some SMBs rationalise that cyber attacks are now just part and parcel of doing business today – believing that bearing the brunt of a ‘one off’ $300 to $600 digital currency payment to regain access to their network or data is cheaper than paying for data protection services – the true impact is much more significant.

Indeed, the combined outlay related to breach reporting, regulatory fines, organisation downtime and system repairs means the average cost of a data breach is now estimated to be around $36,000.

Guarding against cybercrime – SMBs ignore the basics

According to the UK government’s most recent Cyber Security Breaches Survey 2016, 51% of medium-sized firms detected one or more cyber security breaches in the last 12 months, 68% of which were virus, spyware or malware related.

Despite this, only 29% had a formal written cyber security policy, just 10% had a formal incident management plan and only 25% had set security standards for their suppliers. Worryingly, just 22% of small and 38% of medium-sized firms had delivered cyber security training to staff in the last 12 months.

The 2016 security breaches report also reveals cyber security is often viewed as just an IT issue – with senior business managers having little or no visibility of best-practice standards or companywide approaches and issues. With no specialist staff on the payroll, all too often generalist IT staff are left holding the cyber security baby.

Taking action on cyber security – a 5-step plan

Dealing with the fast evolving threat posed by cyber attacks should be a priority for SMBs, who should take appropriate actions to ensure best-practice standards are in place:

1 View cyber security as a business performance or compliance issue and not solely an IT problem – IT security needs a centralised approach with clear accountability. Key individuals – including board members – need to champion the issue, enabling an organisation-wide staff culture that emphasises customer confidentiality and good data management.

2 Understand the risks – a risk assessment is the critical starting point for identifying specific risk exposure and putting solutions in place. This process should include an accurate assessment of the direct costs involved in dealing with a breach as well as the knock-on effects of a breach on the wider business.

3 Implement security best practices – prepare written cyber security policies and formal incident management processes; user education and training are also key.

4 Take a comprehensive approach – cyber security should include advanced measures such as data encryption rules to secure cloud-based backup systems and private data stores.

5 Partner with a managed service provider to fast-track implementation of security best practices and technologies that minimise risks. Specialist providers can help pinpoint potential vulnerabilities and prepare an informed strategy that minimises the risk of a successful attack.