Why are some SMEs still snoozing in the face of cyber security shortcomings? Matt Burton, Chief Client Officer for Ignata, discusses how good cyber security protocols win business
What keeps you awake at night? Many business leaders, who need sight of everything from staff wellbeing to minute financial details, can be forgiven for having a long list of worries on their minds. But how far up that priority list does cyber security come?
Surveys suggest that data integrity and protection are becoming an increasingly important concern for the owners and managers of SMEs. A Barclaycard poll of small and medium businesses in summer 2016, for example, found that just 20% cited cyber crime as a top priority. A year later, in June 2017, another Barclaycard poll found that 44% of small business owners were concerned about falling victim to cybe rcrime or a data breach – even making it a bigger worry than Brexit.
Still, that leaves over half of SME leaders without cyber crime on their agendas. Do these businesses think they’re invulnerable to the threat? Do they think they can slip below the radar of cyber criminals? Or are they simply burying their heads in the sand because the prospect of responding to the threat seems overwhelming?
All sizes of businesses are at risk
Once upon a time the majority of malware, social engineering and other cyber attacks were targeted at huge organisations, with massive volumes of data available to harvest.
Now cyber criminals have awoken to the fact that small businesses may also contain a wealth of tempting information; from email databases that can be targeted with mass spam campaigns, to valuable financial and sensitive data – all of which may be less guarded than in bigger organisations. What’s more, cyber criminals have an ever-growing arsenal of techniques at their disposal, including powerful mass phishing manoeuvres that can target thousands of SMEs with little more than the click of a button. Little wonder, perhaps, that the government’s latest Cyber Security Breaches Survey found that 45% of micro and small businesses have experienced a data breach over the previous year. The conclusion is simple: small and medium size business owners who think that they aren’t going to be targeted by cyber crime are burying their heads in the sand.
Cybersecurity wins business
Now for a more positive take on cyber security. Taking data protection seriously isn’t just a defensive stance – it’s increasingly a business-winning one too. Public awareness of cyber crime has never been higher. Major cyber attacks, like the global WannaCry ransomware campaign in spring 2017, hit news headlines on a regular basis, while Russian interference in the 2016 United States elections has dominated the news agenda for over a year. Malware and malicious hackers are no longer fringe issues discussed in the technology pages of the media; they are mainstream political and business concerns.
More and more organisations are also subject to regulatory checks and legal protocols that demand specific cyber security standards, with certificates to show for it. For example, any business handling card payment details must meet the PCI DSS framework. Some of these regulations have been in place for a long time, but the General Data Protection Regulation (GDPR), due to come into force this May, along with increased public awareness, seems to have brought things to a tipping point.
Businesses and consumers alike, therefore now also know, that robust cyber security is something they can, and should, demand to see proof of. Many of those legal and regulatory frameworks, including GDPR, have created chains of responsibility between organisations. In other words, it’s no longer enough for businesses to shore up their own cyber security; they need to consider the security of their partners and suppliers too.
SMEs that are able to clearly demonstrate a sophisticated and strategic approach to cyber security, with official certifications where necessary, are far more likely to be considered a safe bet by customers.
Cyber security skills are easier to come by than you think
While some SME leaders might be convinced by the risks of a malicious or accidental data breach, and the potential business-winning rewards of shoring up their security, they may still think that smart cyber security is out of their reach. Surely it’s expensive or complicated to implement, right? Isn’t it going to involve hiring a head of security who needs to sit at board level, or else going out to a third party who charges hefty consultancy fees? The cybersecurity skills gap in the UK corporate sector has been well-documented, with organisations seemingly struggling to kit out complete teams of security experts.
However, small and medium-sized businesses may be at an advantage here. A happy side effect of the increasing attention paid to cyber security is that skills in this area are becoming far more commonplace alongside general IT skills. If your business handles unusually sensitive data or is subject to a particularly rigorous regulatory framework, then you may need more specialist assistance. But, more and more generalist IT managers now have an impressive security string to their bow too.
In short, the increasing profile of both cyber crime and cyber security means that not only will your customers, partners and even your staff expect you to take this threat seriously, but it has actually become easier to do so.
That’s surely worth a good night’s sleep?