Many business leaders, who need sight of everything from staff wellbeing to minute financial details, can be forgiven for having a long list of worries on their minds. But how far up that priority list does cybersecurity come?
Surveys suggest that data integrity and protection are becoming an increasingly important concern for the owners and managers of SMEs. A Barclaycard poll in the summer of 2016, for example, found that just 20 per cent cited cybercrime as a top priority. A year later, in June 2017, another Barclaycard poll found that 44 per cent of small business owners were concerned about falling victim to cybercrime or a data breach – even making it a bigger worry than Brexit!
Still, that leaves over half of SME leaders without cybercrime on their agendas. Do they think their businesses are invulnerable to the threat? Do they think they can slip below the radar of cybercriminals? Or are they simply burying their heads in the sand because the prospect of responding to the threat seems overwhelming?
All sizes of businesses are at risk
Once upon a time the majority of malware, social engineering and other cyberattacks were targeted at huge organisations, with massive volumes of data available to harvest. Now cybercriminals have awoken to the fact that small businesses also contain a wealth of tempting information; from email databases that can be targeted with mass spam campaigns, to valuable financial and sensitive data – all of which may be less guarded than in bigger organisations.
What’s more, cybercriminals have an ever-growing arsenal of techniques at their disposal, including powerful mass phishing manoeuvres. Little wonder, perhaps, that the government’s latest Cyber Security Breaches Survey found 45 per cent of micro and small businesses have experienced a data breach over the previous year. The conclusion is simple: SME bosses who think they aren’t going to be targeted are burying their heads in the sand.
Cybersecurity wins business
Now for a more positive take on cybersecurity. Taking data protection seriously isn’t just a defensive stance – it’s a business-winning one too. Public awareness of cybercrime has never been higher. Major cyber-attacks, like the global WannaCry ransomware campaign in spring 2017, made headlines on a regular basis, while Russian interference in the 2016 US elections dominated the news agenda for over a year.
Malware and malicious hackers are no longer fringe issues discussed in the technology pages of the media; they are mainstream political and business concerns. More organisations are also subject to regulatory checks and legal protocols that demand specific cybersecurity standards, with certificates to show for it. For example, any business handling card payment details must meet the PCI DSS framework.
Some of these regulations have been in place for a long time, but the General Data Protection Regulation (GDPR), due to come into force this May, along with increased public awareness, seems to have brought things to a tipping point.
Bosses and consumers alike now also know, robust cybersecurity is something they can, and should, demand to see proof of. Many of those legal and regulatory frameworks, including GDPR, have created chains of responsibility between organisations. SMEs that are able to clearly demonstrate a sophisticated and strategic approach to cybersecurity, with official certifications where necessary, are far more likely to be considered a safe bet by customers.
Cybersecurity skills are easier to come by than you think
While some SME leaders might be convinced by the risks of a malicious or accidental data breach, and the potential business-winning rewards of shoring up their security, they may still think that smart cybersecurity is out of their reach.
Surely it’s expensive or complicated to implement, right? Isn’t it going to involve hiring a head of security who needs to sit at board level, or else going out to a third party who charges hefty consultancy fees? The cybersecurity skills gap in the UK corporate sector has been well-documented, with organisations seemingly struggling to kit out complete teams of security experts.
However, SMEs may be at an advantage here. A happy side effect of the increasing attention paid to cybersecurity is that skills in this area are becoming far more commonplace alongside general IT skills. If your business handles unusually sensitive data or is subject to a particularly rigorous regulatory framework, then you may need more specialist assistance. But, more and more generalist IT managers now have an impressive security string to their bow too.
In short, the increasing profile of both cybercrime and cybersecurity means that not only will your customers, partners and even your staff expect you to take this threat seriously, but it has actually become easier to do so.
That’s surely worth a good night’s sleep.
Matt Burton is chief client officer for Ignata
Share this story