New research by the government’s Cyber Streetwise campaign has found that SMEs “are putting a third (32%) of their revenue at risk because they are falling for some of the common misconceptions around cyber security, leaving them vulnerable to losing valuable data and suffering both financial and reputational damage”.
Asked if they agreed with a number of cyber security myths, 78% of respondents believed at least one:
- 26% wrongly believed that “only companies that take payments are online are at risk of cyber crime”.
- 22% wrongly believed that small companies “aren’t a target for hackers”.
- 66% of SMEs wrongly believed that their businesses is not vulnerable to attack.
Lacking the security budgets that larger organisations employ to protect their critical information, SMEs are actually a more attractive target for cyber criminals. The information they hold is very valuable on the open market and is often poorly protected. As the government report notes: “Last year, 33% of small businesses suffered a cyber attack from someone outside their business.”
The result of these attacks is severe: “The Government’s Information Security Breaches Survey also found that the average cost of the worst security breach is between £65,000 and £115,000 and can result in a business being put out of action for up to ten days.” Many breached organisations don’t recover at all.
Pressed further about their attitudes towards cyber security:
- 24% of respondents think that “cyber security is too expensive to implement”.
- 22% say that, when it comes to cyber security, they “don’t know where to start”.
If you would have answered similarly, then read on.
Launched in 2014, the government’s Cyber Essentials scheme provides a set of five controls that organisations can implement to establish a baseline of cyber security, and against which they can achieve certification to prove their credentials.
Certification to the scheme will demonstrate to your customers and business partners that fundamental cyber security measures are in place, and provides evidence to validate your organisation’s security posture.
For a no-nonsense introduction to the Cyber Essentials scheme, order your copy of Cyber Essentials – A Pocket Guide for only £3.49 now. Click here for more information >>
IT Governance is a CREST-accredited Cyber Essentials certification body. To find out how our fixed-price Cyber Essentials solutions can help you achieve Cyber Essentials certification for as little as £300, click here for more information >>
Beyond Cyber Essentials, organisations that want to improve their cyber security postures should consider implementing an information security management system (ISMS), as set out in the international standard ISO 27001, to ensure they have the right policies and procedures to manage their information assets.