SMBs spending a day each week dealing with cybersecurity issues

Almost half of UK small to medium-sized businesses (SMBs) believe a cyberattack would put their business at risk of closure, and 48 per cent of businesses report they have had to deprioritise activities that would help grow their business to address cybersecurity, a new research from Webroot reveals.

The report, titled “Size Does Matter,” details the challenging climate for UK SMBs in a time of rapid political, economic and social change. Second only to Brexit, cybersecurity threats are the biggest source of uncertainty. As a result, SMBs are spending almost an entire working day (18% of their time) a week on cybersecurity related tasks.

Almost half (48%) having suffered a cyberattack or data breach in their lifetime, with over one in seven saying this happened more than once. Of the businesses that had been targeted, 70 per cent were used as an entry point into a larger enterprise system they supply to. Nearly half (48%) of the cases negatively impacted relationships, with almost a quarter (22%) admitting they are no longer a supplier as a result.

Additional research highlights

• UK SMBs see clear business benefits to cybersecurity investment. Over half (52%) believe investing in cybersecurity drives innovation, and 58 per cent believe it increases productivity. Nearly one third (28%) say cybersecurity could increase their revenue and attract new customers.
• There is a clear opportunity for SMBs to use their size to their advantage. Nearly two-thirds (64%) believe that being smaller enables their business to react more quickly to industry or political change than larger enterprises. Three-fifths (61%) think their employees are quicker to flag potential cybersecurity issues than at larger enterprises.
• Yet, 40% believe cybersecurity policies and threats restrict SMB growth more than larger enterprises.

“SMBs can no longer consider themselves too small to be targets. They need to use their nimble size to their advantage by quickly identifying risks and educating everyone in the business of how to mitigate those risks, because people will always be the first line of defence. Working with the right cybersecurity partner or managed service provider (MSP) to develop the right strategy for their size will allow smaller businesses to prioritise the activities that matter most and help them grow.,” said Paul Barnes, Senior Director, Product Strategy, Webroot.

Cybersecurity tips for SMBs

• Always educate. Security awareness training can’t be a tick-box activity for SMBs. It needs to be continual so cybersecurity stays top-of-mind and user error is minimised.
• Take a layered approach. SMBs need to leverage both next-generation endpoint protection and network protection to ensure they are covering the gaps that cybercriminals and hackers deploy to compromise businesses.
• Know the signs. Phishing is a favourite technique amongst attackers. Make sure employees are confident in identifying the different types of attack. Security awareness training that incorporates phishing simulations, ensures that people, processes, and technology are all harnessed effectively together to stop cybercriminals.
• Assess your risk profile. Every business has different risk factors. If you don’t have the expertise, get an independent security audit or your MSP to help assess your security posture. Work to develop a plan for adequate ongoing risk mitigation. Look at your GDPR exposure and follow guidelines to ensure the appropriate mitigation criteria are met.
• Plan for the worst. Create a data breach response plan that identifies specific security experts to call and a communications response plan to notify customers, staff and the public. Have a backup and recovery strategy.