Almost three-quarters (74%) of UK small and medium-sized enterprises (SMEs) think they are safe from cyber attack, despite half of them admitting having suffered a data breach, according to a report by Juniper Research.
Download this free guide
Your exclusive guide to CIO trends
A collection of our most popular articles for IT leaders from the first few months of 2016, including: – Corporate giants recruit digitally-minded outsiders to drive transformation – Analytics platforms to drive strategy in 2016 – Next generation: The changing role of IT leaders.
The research found that 50% of small businesses have suffered a data breach, two-thirds of them in the past year.
Most (86%) of the SMEs surveyed also think they are doing enough to counter the effects of cyber security attacks.
More than a quarter (27%) think they are safe from attack because they are small and of no interest to cyber criminals.
Windsor Holden, head of forecasting and consultancy at Juniper Research, said a cyber attack could cost a company millions of pounds in lost data, reputation, time and customers. “Yet our study shows that businesses believe they are far more secure than they really are,” he said.
When it comes to responding to a data breach, almost 90% of UK SMEs said they had a plan in place.
As for responsibility for cyber security, 33% of the SMEs considered it their IT department’s sole responsible to handle security threats and only one-quarter had a dedicated security executive at board level.
Kristine Olson-Chapman, general manager at TalkTalk Business, said: “For us, cyber security is no longer just a technology issue, it’s a business issue for the whole company. Any business that has ever had a cyber attack will tell you they never expected it, even with all the processes in place. Businesses need to ask themselves what they need to do now to plan and prepare.”
Figures from Juniper’s research show that SMEs are addressing cyber security, but a lot more work is needed. Almost half (48%) have secure practice guidelines in place, 47% give secure practice induction briefings, 25% have a dedicated security executive, 27% conduct penetration tests to assess the likelihood of an attack, and 31% monitor emails for phishing attempts.
There is still naivety about the significance of a data breach, according to the report, which revealed that although 69% of respondents would contact someone immediately if they discovered a cyber breach, 18% would wait until the next working day if they did not consider it a big problem.