Small and medium-sized businesses (SMEs) are under-protected from cybersecurity risk, while the pandemic has increased their vulnerability to attacks. The European Union Agency for Cybersecurity (ENISA) says a third of SMEs have experienced a cyber incident over the past five years. Half believe that a serious incident could completely sink their company.
Despite this level of risk, most SMEs have only basic protections in place. The majority of smaller firms have taken steps such as installing firewalls and anti-virus software, but only a minority routinely train staff on cybersecurity issues or use more sophisticated protection tools.
MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
The big challenge, says ENISA, is that managers are not sufficiently focused on the potentially existential threat that cyberattacks pose. As a result, their efforts to counter the threat often fall short of what is required. They don’t invest enough money in cybersecurity, they fail to recruit the right type of cybersecurity expertise, and they favour seemingly quick fixes such as anti-virus software, rather than building a culture of cybersecurity awareness.
Shocking statistics
Such complacency leaves smaller firms exposed. Research published by Vodafone in early 2021 found that 41% of UK SMEs had suffered cyberattacks over the previous 12-month period, with 20% experiencing multiple attacks. It warned that as many as 1.3 million UK SMEs could collapse completely after falling victim to a cyber-attack.
ENISA’s most important recommendation is that SMEs should focus on how to build stronger cultures of cybersecurity, with management working harder to build employees’ awareness. The agency suggests practical steps such as regular cybersecurity audits, training for staff, the development of cybersecurity policies, and work on incident response plans.
More technical steps will also help. Too few SMEs are taking steps to secure their devices, such as installing all software patches and upgrades, encrypting data and focusing on how to manage mobile devices. Network security also needs to be reviewed, particularly as more staff work remotely. Third parties such as suppliers may also be introducing new vulnerabilities.
However, the starting point for many smaller businesses will be to recognise that they represent an attractive target. SMEs are less likely to have robust defences in place than their larger counterparts.
Even simple steps can prove hugely valuable. For example, SMEs that routinely back up their systems and data will be much less vulnerable to ransomware attacks. Firms that introduce multi-factor authentication on remote devices decrease their chances of attackers getting in this way.
-
MoneyWeek celebrates 25 yearsMoneyWeek is 25 and continues to help readers make, keep and spend money every week
-
Pensions IHT reform: major changes needed says former ministerExperts are calling on the government to make the system for applying inheritance to pensions ‘more effective, efficient and humane’
-
The Stella Show is still on the road – can Stella Li keep it that way?Stella Li is the globe-trotting ambassador for Chinese electric-car company BYD, which has grown into a world leader. Can she keep the motor running?
-
LVMH is set to prosper as the wealthy start shopping againAfter two years of uncertainty, the outlook for LVMH is starting to improve. Is now a good time to add the luxury-goods purveyor to your portfolio?
-
Japan is still rising to new highs – here's how to investOpinion Political ructions in Japan are no obstacle to gains, and the return of inflation may even benefit stocks, says Max King. What is Japan doing right?
-
Investors need to get ready for an age of uncertainty and upheavalTectonic geopolitical and economic shifts are underway. Investors need to consider a range of tools when positioning portfolios to accommodate these changes
-
Investing in UK universities: how to spin research into profitsUK universities are a vital economic asset, but they are also Britain's 'equivalent of Gulf oil.' There are opportunities here for investors
-
Lessons from Nobel Prize winners in economics on how to nurture a culture of growthThe Nobel Prize in economics went to three thinkers who show us why economies grow and how we can help them do so. Governments would be wise to heed the lessons
-
'It’s time for Rachel Reeves to secure her legacy'Opinion Rachel Reeves has been a dreadful chancellor, and it's hard to see her remaining in office for another whole year. She could at least depart with some dignity
-
Yoshiaki Murakami: Japan’s original corporate raiderThe originator of Japanese activism, Yoshiaki Murakami, was disgraced by an insider-trading scandal in 2006. Now, he's back, shaking things up
