A third of small businesses have no cyber security strategy

Research suggests small businesses could be a gateway to data held by larger organisations

Shady fellow in hoody standing behind numbers

A third of smaller businesses in the UK have not implemented a cyber security strategy and could be unwittingly acting as a gateway to larger organisations, according to research. 

Charity Business in the Community (BITC) commissioned a YouGov study with the aim of better understanding the current cyber security practices of small and medium-sized businesses (SMBs) in the UK.

The report focused on SMB resource investment in terms of cyber security and breaks down the results by business size, sector and location.

Despite the GDPR legislation coming into force almost a year ago, only 35% of SMBs have a basic data protection policy and just 29% have a policy for controlling access to systems. Most damning, though, is the fact that one quarter of SMBs do not have any cyber security strategies in place.

Advertisement
Advertisement - Article continues below

The numbers seem worse when broken down by size, with the differences between cyber security measures at small and medium-sized businesses showing a significant gap. For example, 30% of small businesses do not have any cyber security strategies in place, compared to just four percent of medium-sized businesses.

What is interesting about these findings is that the report suggests these smaller businesses are potential gateways to larger organisations, particularly from a supply chain perspective, as seen with the data breach suffered by Ticketmaster in June. After a third-party vendor was hit with a malware attack, some 40,000 of its UK customers were affected by a data breach. 

This could also be fatal for a small business. Over the past year, companies as big as British Airways, Facebook, Equifax and Ticketmaster have suffered data breaches and security issues, but all are large organisations with the resources to defend against attacks. The report warns that smaller businesses that suffer such incidents don't have the same protection in place.

"We may think large businesses have all the requisite controls necessary to deal with a cyber disruption, yet businesses of all sizes are at risk," the report said.

"Moreover, small businesses do not always realise they can be the gateway to big businesses data loss; a breach in a supply chain or the loss of customers data could spell the end for many small businesses."

Featured Resources

The IT Pro guide to Windows 10 migration

Everything you need to know for a successful transition

Download now

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

Download now

Software-defined storage for dummies

Control storage costs, eliminate storage bottlenecks and solve storage management challenges

Download now

6 best practices for escaping ransomware

A complete guide to tackling ransomware attacks

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/identity-and-access-management-iam/354289/44-million-microsoft-customers-found-using
identity and access management (IAM)

44 million Microsoft customers found using compromised passwords

6 Dec 2019
Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/hardware/354237/five-signs-that-its-time-to-retire-it-kit
Sponsored

Five signs that it’s time to retire IT kit

29 Nov 2019
Visit/business/business-strategy/354195/where-modernisation-and-sustainability-meet-a-tale-of-two
Sponsored

Where modernisation and sustainability meet: A tale of two benefits

25 Nov 2019