1 in 3 small firms ‘have no cyber security strategy’
Published On: March 20, 2019 |
Almost a third of small businesses in the UK could be putting themselves and their customers at risk because they have not taken any formal steps to protect their systems from cyber security threats, a new report has warned.
Research conducted by Business in the Community found some 30 per cent of small businesses do not have any plan for this, compared with just four per cent of medium-sized firms.
This is not just concerning for the organisations themselves, but it could also potentially endanger any individuals and companies they do business with. The report noted this is particularly worrying from a supply chain perspective, as today's interconnected world means it may often be possible for hackers to gain access to a large enterprise by taking advantage of smaller, less well-protected suppliers.
Indeed, it highlighted incidents such as last year's attack on Ticketmaster, which compromised the details of around 40,000 customers. Upon investigation, it was discovered that while the firm's systems themselves were not breached, one of its suppliers, which operated the website's chatbot, was hacked.
This highlights how firms of all sizes are at risk of cyber attacks. Even if smaller enterprises do not believe themselves to be worth the effort of hacking, the access it could give criminals to their customers can be hugely valuable, and allow them to bypass the much more robust defences of the primary target.
Business in the Community's report stated: "Cyber attacks may not be on the top of your priority list. However, cyber-related incidents are more common than you think. Moreover, small businesses do not always realise they can be the gateway to big businesses’ data loss; a breach in a supply chain or the loss of customers’ data could spell the end for many small businesses."
The research also revealed that even where small and medium-sized enterprises are taking steps, the measures they take are often fairly rudimentary. For instance, more than two-thirds of firms have no measures in place to control who has access to systems and data, while more than one in five described their policies as "informal".
Share This Post, Choose Your Platform!
With over 20 years in the business telecoms industry and an unrivalled reputation of delivering excellent, personal customer service, Arrow is one of very few companies in the UK able to provide a full telecoms, IT and energy consultancy and service proposition.
Savings through automation, scale, improved service. We’ve got that covered. But the true value comes with empathy, through empowerment, collaboration. It’s connecting people that drives us forward. It’s people that make tomorrow happen.
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.