Why SMEs Should Take Cyber Security Seriously

Whilst cyber security has frequented news headlines in recent times, these high-profile breaches almost always involve large corporations which can lead smaller businesses and organisations into a false sense of security (no pun intended).

Yet it is SMEs who tend to have weaker cyber security defences, limited either by finances, strategy, apathy or a combination of these.

The trouble is that this has made them an easy target for hackers, and not just in theory.

The very real reality is that cyber-attacks against small businesses are frequent and widespread. Earlier this year, Symantec – a company which specialises in enterprise security technology – published research revealing that nearly half of all recorded cyber-attacks against businesses last year were directed at SMEs and small organisations.


SMEs with weak security can be used as a stepping-stone to larger networks

As with most forms of crime, cyber-attacks are often financially motivated. This is usually what leads small business owners to believe that hackers wouldn’t be interested in their networks.

Why would they, when they could go after the much more lucrative data of large corporations? But in today’s increasingly interconnected world, securing our networks has become as much about protecting the data and reputations of those we are associated with as it has our own.

SMEs with weak security defences can provide a gateway to the larger, more lucrative networks of vendors and associates.


The true cost of neglecting cyber security

According to Government research, the average cost of a cyber-attack on SMEs is between £75,000 and £310,800 inclusive of business disruption, lost sales and compensation payouts.

Such is the extent of the damage to the revenues and reputations of some companies that they do, unfortunately, go under as a result.

Whilst the cost of cyber-attacks to large companies can run into millions of pounds, it is, of course, relative. Most SMEs simply don’t have the funds to weather the effects of dealing with a serious data breach.

But, it’s not just the direct cost of a cyber-attack that can harm a small business’ revenues. The perception of inadequate cyber defences, alone, can be enough to harm am SME’s revenues and prevent business growth.


Large businesses are increasingly insisting that their SME suppliers meet minimum security standards

SMEs that fail to take the issue of cyber security seriously risk losing out on vital contracts.

The results from a recent multisector survey of procurement managers in the UK, conducted by KPMG, indicated that the vast majority of large businesses consider cyber security to be an important factor when awarding contracts to SME suppliers. Of the respondents, a massive 86% said that they would consider removing SME suppliers, if they discovered they had been hacked.

An increasing number of large businesses are now insisting that suppliers demonstrate cyber accreditations (Cyber Essentials, ISO27001, IASME certifications or PCI DSS) during the procurement assessment. Whilst the cost of obtaining cyber accreditations often falls on SMEs, themselves, the benefits will far outweigh the required investment.


Investment in cyber security is essential for business success

With procurement managers placing greater importance on cyber security than ever before, the very existence of many an SME depends on its ability to demonstrate that these issues are being taken seriously.

Investment in cyber security will not only protect a business, its partners and clients, but will also go a long way to helping secure contracts and gaining an edge over the competition. Such an investment is crucial for businesses that want to grow and succeed in an increasingly technological world.

This point has been summed up succinctly by George Quigley, of KPMG’s cyber security practice, who stated that: “Cyber security is not just a technical issue anymore; it has become a business critical issue for the UK’s SMEs”.


A full understanding of the risks is the first step towards effective cyber security

When running a small business with limited resources, it’s easy to bury your head in the sand when it comes to complex issues such as cyber security.

But this is definitely not the answer. It won’t protect your business and nor will it promote growth.

The first step to implementing effective cyber security defences is making sure that you, and your entire team, fully understand the threats and vulnerabilities that exist. From here, you can begin to put effective measures in place to protect your business against these.

Large companies certainly are aware of the cyber threats that exist and the risks these pose to their businesses. This is made only too clear by their growing reluctance to work alongside smaller companies that don’t appear to be taking the issue seriously.

By neglecting cyber security, SMEs not only put their critical business data in jeopardy, but also risk being frozen out of the supply chain.

It’s time for SMEs to take cyber security seriously, or put the very survival of their companies and organisations at risk.

Get a copy of our free 15 Point Security Checklist to help you asses your IT security.


Image source: Freerange Stock



see all