Many business leaders, who need sight of everything from staff wellbeing to minute financial details, can be forgiven for having a long list of worries on their minds. But how far up that priority list does cybersecurity come? Surveys suggest that data integrity and protection are becoming an increasingly important concern for the owners and managers of SMEs. A Barclaycard poll in the summer of 2016, for example, found that just 20 per cent cited cybercrime as a top priority. A year later, in June 2017, another Barclaycard poll found that 44 per cent of small business owners were concerned about falling victim to cybercrime or a data breach – even making it a bigger worry than Brexit! Still, that leaves over half of SME leaders without cybercrime on their agendas. Do they think their businesses are invulnerable to the threat? Do they think they can slip below the radar of cybercriminals? Or are they simply burying their heads in the sand because the prospect of responding to the threat seems overwhelming?
All sizes of businesses are at risk
Once upon a time the majority of malware, social engineering and other cyberattacks were targeted at huge organisations, with massive volumes of data available to harvest. Now cybercriminals have awoken to the fact that small businesses also contain a wealth of tempting information; from email databases that can be targeted with mass spam campaigns, to valuable financial and sensitive data – all of which may be less guarded than in bigger organisations. What’s more, cybercriminals have an ever-growing arsenal of techniques at their disposal, including powerful mass phishing manoeuvres. Little wonder, perhaps, that the government’s latest Cyber Security Breaches Survey found 45 per cent of micro and small businesses have experienced a data breach over the previous year. The conclusion is simple: SME bosses who think they aren’t going to be targeted are burying their heads in the sand.
Cybersecurity wins business
Now for a more positive take on cybersecurity. Taking data protection seriously isn’t just a defensive stance – it’s a business-winning one too. Public awareness of cybercrime has never been higher. Major cyber-attacks, like the global WannaCry ransomware campaign in spring 2017, made headlines on a regular basis, while Russian interference in the 2016 US elections dominated the news agenda for over a year. Malware and malicious hackers are no longer fringe issues discussed in the technology pages of the media; they are mainstream political and business concerns. More organisations are also subject to regulatory checks and legal protocols that demand specific cybersecurity standards, with certificates to show for it. For example, any business handling card payment details must meet the PCI DSS framework. Some of these regulations have been in place for a long time, but the General Data Protection Regulation (GDPR), due to come into force this May, along with increased public awareness, seems to have brought things to a tipping point. Bosses and consumers alike now also know, robust cybersecurity is something they can, and should, demand to see proof of. Many of those legal and regulatory frameworks, including GDPR, have created chains of responsibility between organisations. SMEs that are able to clearly demonstrate a sophisticated and strategic approach to cybersecurity, with official certifications where necessary, are far more likely to be considered a safe bet by customers.
Cybersecurity skills are easier to come by than you think
While some SME leaders might be convinced by the risks of a malicious or accidental data breach, and the potential business-winning rewards of shoring up their security, they may still think that smart cybersecurity is out of their reach. Surely it’s expensive or complicated to implement, right? Isn’t it going to involve hiring a head of security who needs to sit at board level, or else going out to a third party who charges hefty consultancy fees? The cybersecurity skills gap in the UK corporate sector has been well-documented, with organisations seemingly struggling to kit out complete teams of security experts. However, SMEs may be at an advantage here. A happy side effect of the increasing attention paid to cybersecurity is that skills in this area are becoming far more commonplace alongside general IT skills. If your business handles unusually sensitive data or is subject to a particularly rigorous regulatory framework, then you may need more specialist assistance. But, more and more generalist IT managers now have an impressive security string to their bow too. In short, the increasing profile of both cybercrime and cybersecurity means that not only will your customers, partners and even your staff expect you to take this threat seriously, but it has actually become easier to do so. That’s surely worth a good night’s sleep. Matt Burton is chief client officer for Ignata
We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept”, you consent to the use of ALL the cookies.
This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.