Scotland’s SMEs – how much should be invested in cyber security?

With only 40% of organisations confident that they can prevent cyber attacks and 42% of micro/small businesses identifying at least one breach or attack in the last 12 months, it is only too clear why businesses need to invest more in cyber security.

In November 2017, the Scottish Government launched its Public Sector Action Plan on Cyber Resilience, which outlines how Scottish public bodies can improve cyber security and be more secure online.

The arrival of the EU GDPR (General Data Protection Regulation) and the NIS Regulations (Directive on network and information systems) requires decisive action to ensure continuity of service delivery. Non-compliance with these two key pieces of legislation can have significant ramifications.

By the end of October 2018, all Scottish public bodies must have independent assurance of their critical cyber security controls by achieving either Cyber Essentials or Cyber Essentials Plus certification. However, with almost 40% of Scottish small and medium-sized enterprises spending nothing on IT security, it seems that most of the public sector is yet to act.


The average cost of a cyber attack in the UK was around £3 million in 2017. However, it’s not just the organisation’s profitability that can be hit. There are wide-reaching consequences to suffering a cyber attack.

Top five consequences of a cyber attack

  • Financial damage
  • Reputational damage
  • Regulatory fines
  • Loss of confidence
  • Loss of clients/business

How do I protect myself against a cyber attack?

Organisations need a solid foundation on which to build their cyber security strategies. The Cyber Essentials scheme provides five security controls that, according to the UK government, could prevent “around 80% of cyber attacks”, and is the perfect start for organisations in the public sector beginning their journey towards becoming secure.

When exploring Cyber Essentials options, you should select a CREST-accredited certification body. This will enable you to benefit from the added level of independent verification of your cyber security status and boost your competitiveness.

IT Governance is the leading CREST-accredited supplier of Cyber Essentials and has awarded hundreds of certifications. Cyber Essentials clients include Vodafone, Airbus Defence and Space Ltd, Action for Children, NHS Professionals and Lockheed Martin.

To take your next steps towards cyber resilience, sign up for our Cyber Essentials certification package or get in touch and we’ll be happy to discuss your concerns with you.
