Small and medium-sized businesses (SMEs) are under-protected from cybersecurity risk, while the pandemic has increased their vulnerability to attacks. The European Union Agency for Cybersecurity (ENISA) says a third of SMEs have experienced a cyber incident over the past five years. Half believe that a serious incident could completely sink their company.
Despite this level of risk, most SMEs have only basic protections in place. The majority of smaller firms have taken steps such as installing firewalls and anti-virus software, but only a minority routinely train staff on cybersecurity issues or use more sophisticated protection tools.
ENISA’s data suggests that the five most common threats to SMEs are: phishing attacks; web-based raids; general malware; malicious insiders; and denial-of-service strikes. What’s more, measures introduced by many SMEs during the pandemic, including remote-working practices and contactless-payment options, have given cyberattackers new opportunities.
Subscribe to MoneyWeek
Subscribe to MoneyWeek today and get your first six magazine issues absolutely FREE
Sign up to Money Morning
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
Don't miss the latest investment and personal finances news, market analysis, plus money-saving tips with our free twice-daily newsletter
The big challenge, says ENISA, is that managers are not sufficiently focused on the potentially existential threat that cyberattacks pose. As a result, their efforts to counter the threat often fall short of what is required. They don’t invest enough money in cybersecurity, they fail to recruit the right type of cybersecurity expertise, and they favour seemingly quick fixes such as anti-virus software, rather than building a culture of cybersecurity awareness.
Shocking statistics
Such complacency leaves smaller firms exposed. Research published by Vodafone in early 2021 found that 41% of UK SMEs had suffered cyberattacks over the previous 12-month period, with 20% experiencing multiple attacks. It warned that as many as 1.3 million UK SMEs could collapse completely after falling victim to a cyber-attack.
ENISA’s most important recommendation is that SMEs should focus on how to build stronger cultures of cybersecurity, with management working harder to build employees’ awareness. The agency suggests practical steps such as regular cybersecurity audits, training for staff, the development of cybersecurity policies, and work on incident response plans.
More technical steps will also help. Too few SMEs are taking steps to secure their devices, such as installing all software patches and upgrades, encrypting data and focusing on how to manage mobile devices. Network security also needs to be reviewed, particularly as more staff work remotely. Third parties such as suppliers may also be introducing new vulnerabilities.
However, the starting point for many smaller businesses will be to recognise that they represent an attractive target. SMEs are less likely to have robust defences in place than their larger counterparts.
Even simple steps can prove hugely valuable. For example, SMEs that routinely back up their systems and data will be much less vulnerable to ransomware attacks. Firms that introduce multi-factor authentication on remote devices decrease their chances of attackers getting in this way.
-
December 2023 NS&I Premium Bond winners - check now to see what you’ve wonIf you hold money in NS&I Premium Bonds, you can check from today (2 December) to see if you have won in the December prize draw. Here’s how to check.
-
OpenAI – corporate drama unleashed
OpenAI, the firm behind ChatGPT, was in uproar as its boss was booted out, briefly snapped up by Microsoft and then brought back again.
-
Can Lidiane Jones be Bumble's perfect match?
Dating app Bumble is taking on Lidiane Jones, a well-regarded leader in tech, as its new boss. Can she work her magic in a new arena?
-
UK millennials are worse off than previous generations
The evidence shows that millennials today are getting a raw deal. And, ultimately, that's a political choice.
-
The rise and fall of Sam Bankman-Fried – the “boy wonder of crypto”
Why the fate of Sam Bankman-Fried reminds us to be wary of digital tokens and unregulated financial intermediaries.
-
The jury's out on the AI summit at Bletchley Park
World governments gathered for an AI summit at Bletchley Park in November, but were they too focused on threats at the expense of economic benefits?
-
As a market correction begins, money is on the move.
The force of a market correction is equal and opposite to the delusion that preceded it, so we can imagine that the correction will also be unparalleled.
-
How small businesses can retain staff in a competitive job market
Small businesses are struggling to retain staff and compete against large companies with deep pockets.
-
The French economy's Macron bubble is bursting
Cheap debt and a luxury boom have flattered the French economy. That streak of luck is running out.
-
K-pop hitman Bang Si-hyuk aims to repeat BTS phenomenon
Bang Si-hyuk created the world’s biggest boy band, BTS, making K-pop music a global sensation and himself very rich. Can he repeat the trick with a girl band?
