“Cyber risk is a business risk, and it needs to be treated like one. That means you need to understand it.” These were the words of Ciaran Martin, CEO of the National Cyber Security Centre (NCSC), when he took to the podium at the recent CBI Cyber Conference.
While Ciaran was aiming his speech at corporate businesses and their boards, his advice remains pertinent for those at the other end of the scale too; SMEs need to understand cyber risk and be prepared, or the cost can be crippling.
Statistics from Business in the Community (BITC) show that 17% of all those hit by an attack require at least a day to recover. The cost of a day of lost trading, combined with reputational damage and the operational upheaval of data loss, can’t be overestimated for businesses operating close to the profit line.
New independent research into the struggle of UK small and medium-sized businesses (SMBs) against cyber criminals showed that 32% of companies faced four to five attacks in a year, with almost 20% facing up to ten. Unfortunately, cyber risks are amplified for SMBs by the fact that security and encryption software often caters solely for large corporates or governments; a third of all IT directors believe the country’s small business community in particular is being overlooked.
It is hoped that the tide will start to turn soon, courtesy of Government funding and various regional initiatives to support SMEs. For example, in September the £6m Greater Manchester Cyber Foundry was announced, where cyber security research will be used to create new products and services aimed solely at SMEs. Also, in Worcestershire, SMEs are being encouraged to apply to the ‘Be Cyber Secure Grant Fund’ for financial support to help them improve their cyber security.
Even when help becomes more readily available, it will always be crucial for SMEs to take responsibility for their own cyber resilience. This starts with understanding cyber security, from the risks and the company vulnerabilities to the correct strategies for protection. For a small business with little experience in cyber security practices this is a challenging task – but by no means impossible.
A good starting point is establishing how ‘cyber ready’ the business truly is. The BITC is currently running a survey that allows SMEs to assess their existing cyber readiness, before offering some practical guidance on how to improve their cyber security practices. The advice is straightforward, and can be divided into three key steps:
- Know the Basics – understand the words that are being used regularly in the news, such as ransomware, phishing and spyware.
- Protect your business – take steps to protect the business in simple and expedient ways. This includes installing a firewall and practicing good password management to keep accounts secure.
- Know how to recover – plan for the worst-case scenario so that any cyber breach can be contained, reputation-damage can be limited, and lost data can be restored swiftly.
There is more detailed advice on the BITC webpage, while the NCSC has published an SME-focused guide on cyber security. There is also a downloadable booklet – ‘Keeping Your Business Safe Online’ – on our sister website The UK Domain for those in need of guidance. Businesses must take advantage of available information and ensure they are taking all possible steps to arm themselves with knowledge for the ongoing fight against cyber criminals.
No matter what size the business or the nature of the challenge to overcome, understanding is always a crucial first step in today’s climate of cyber risk. All businesses need to take an honest look at internal vulnerabilities and limitations, appraise the threat landscape, and then take responsibility for keeping their businesses prepared and secure for the digital future ahead.
For more advice on safeguarding your small business from cyber attack, visit BITC’s website or download our guide on The UK Domain.