Many large organizations rely on small and medium-sized enterprises (SMEs) to deliver essential services and products to their operations. Unfortunately, these large companies are often exposing themselves to great risk by working with SMEs without even realizing it. That’s because the average SME is 10 times less likely to have an information security system set up than a larger business, according to a recent survey by Shred-it, the UK’s largest information security firm.
The third annual Security Tracker survey conducted by Shred-it revealed that SMEs are not taking the measures necessary to protect data when disposing of documents and hard drives. This places both the SME and the large organizations it works with at great risk of costly data breaches.
The reality in today’s landscape is that SMEs face the same threats to data security as larger businesses, but without the same budgets to devote to the issue. Although regulations are in place that SMEs must comply with to ensure data security, many of these enterprises are not in compliance and regard compliance as time-consuming, expensive, and a general nuisance.
However, some experts believe SMEs are making compliance with data security regulations seem much more challenging than it really is. Robert Guice, Vice President of Shred-it EMEA, said, “We believe that smaller companies may be over-estimating the costs involved in making sure confidential information is kept safe.”
In many cases, however, SMEs are not even aware of data protection regulations. The Shred-it report also revealed that large businesses are more than twice as likely to be aware of EU Data Protection Directive reforms as small businesses, and they are also significantly more likely to be aware of the UK Data Protection Act (92 percent) than small business owners (72 percent).
The High Cost of a Data Breach
Large companies working with SME suppliers would be well advised to ensure their vendors have an information security system in place. The damage caused by a data breach could be enough to sink a company in some cases.
The Shred-it survey showed that 2 in every 5 large businesses suffering a data breach have seen losses of more than £500,000. Additionally, those found to be non-compliant with regulations can be fined up to £500,000 by the Information Commissioner’s Office in the UK. In fact, the average fine levied is about £150,000, which is costly enough to require 30% of companies to initiate layoffs.
In addition to the financial consequences, large companies need to consider that a data breach caused by an SME could inflict serious reputational damage on that supplier. Combined with the financial consequences of the breach, this could be enough to put the supplier out of business, causing a serious kink in the supply chain of the large business. That disruption could lead to an even bigger hit to the bottom line of the large organization, compounding the damage of the data breach.
How Large Organizations Can Limit Risk
Because so many SMEs do not take the necessary information security measures, it’s important for large businesses to exercise due diligence when evaluating potential suppliers. It’s smart business sense for large organizations to verify that their suppliers have a data protection partner and an information security system in place to protect against threats to data security. Those with current SME suppliers are encouraged to work with those vendors to improve their data security measures so the integrity of the supply chain isn’t disturbed.