Small businesses are a huge part of the British economy as in 2017 for example, there were 5.7 million businesses in the UK, 99% of which were small or medium sized enterprises (SMEs) employing fewer than 250 people.
Around 5.5 million (96%) of these were micro-businesses, employing fewer than nine people each. These smaller businesses account for 33% of employment and 22% of turnover nationwide. However the cyber threat remains real, and they are not too small to be targeted by malware, ransomware, botnets and phishing that have become all too common in recent years.
Reality Check
Evidence of this came from a 2017 report by the Federation of Small Businesses (FSB) which revealed that two-thirds of its members claimed they had been victims of cyber-attacks between 2014 and 2016. Yet in a recent YouGov survey of micro businesses , only 11% said that they had been so affected.
So which figure is right? Either micro businesses have significantly improved their cybersecurity in the last couple of years, or the reporting figure by victims of crime is wrong.
The answer here is more likely to be a matter of perception being out of step with reality. The same survey, for example, found that only 14% of those businesses actually have the means to detect if they’ve been compromised – yes, that’s right, 14% - so it’s probably the case that most businesses just don’t realize that they’ve being hacked until it’s too late.
Cybersecurity is simply not that big an issue most of the time – so said 80% of micro business decision makers who responded to the survey. When asked about their top business priorities, ‘improving working efficiency’ (37%) came out top, with ‘expanding into new markets’ and ‘creating new products and services’ (both 28%) following up. Cybersecurity came fourth (20%) out of a list of six options.
Are You Using Protection?
While it may sound reassuring that 84% of micro businesses have some form of cybersecurity protection in place, the picture becomes slightly more complicated when we look at what types of security they have actually implemented.
The survey found that 73% report having some form of ‘security software’ which is readily available, with no customization before installation needed and 63% have a firewall to monitor traffic to and from their network such as the internet.
Getting an alert to update operating systems and computer software always seem to happen at the most inconvenient time, right when you’re in the middle of something and up against a deadline or when you’re just about to shut down for the night, so that’s maybe why only 53% update their programs and systems regularly as part of their security strategy.
Perhaps most concerning is that 16% either have no cybersecurity measures in place at all or admit that they ‘don’t know’.
Where Do We Go To From Here?
This recent YouGov survey, which reports that only 20% of respondents list cybersecurity as a high priority for their business, shows that many micro businesses are definitely in the dark over the extent to which it could affect their business or sector.
No business, however small, is immune from ransomware, phishing, hacking and basic human error, and yet it is difficult for small businesses to develop a cybersecurity strategy when they are not familiar with the ins and outs of the cybersecurity market.
It is a common misconception that smaller businesses are not worth attacking, but that can lead to complacency and a more lax attitude towards security, who lack in-house expertise and then have to spend out more money when disaster strikes.
There is clearly an opportunity for providers of cloud-based and managed services to educate micro businesses about the cybersecurity risks they face, and the clearly misunderstood role that the cloud can play in alleviating them.
There are also great resources available from the likes of NCSC and Get Safe Online which can aid businesses in getting best practice advice, the challenge lies in connecting the small businesses with that advice.