SME Cybersecurity: Exploring the confidence gap
To better protect your business, we identified the disconnect between security threats and how prepared European SMEs are to deal with them.
Real work, real risk
Welcome to real world working. Where your teams can be here, there, and anywhere they want to be. Where you can manage projects without piles of paperwork, distribute patient information directly via an app, and use e-content in the classroom as easily as a textbook. But also – and critically – where new cybersecurity threats exist.
Today, work for many small and medium-sized enterprises (SMEs) means managing multiple networks, devices, and risk types. But how confident are you in your business’ ability to avert a cyberattack? To get a clearer picture, Sharp conducted research with 5,770 SME IT decision makers in 11 European countries, across a variety of sectors including education, healthcare, construction and legal.
Having already made the shift to online systems, to hybrid models and to apps that make tasks more efficient, our research shows the majority of SMEs feel that they are well prepared. However, at the same time, IT security confidence is lacking. And to add to the tension, a large percentage of SMEs aren't set to increase their IT security budget despite the growing risk.
This misalignment between preparation and threat level is creating the perfect opportunity for cybercriminals to strike.
Understanding the threats
In reality, no matter the industry, service offering or business type, IT security vulnerabilities are a real, widespread part of the digitally transformed world. It’s great being able to work from a mobile, stay easily connected to team members at all times, or speed up tasks with automated workflows. However, more devices and services connected through the internet means more ways for a business to be targeted.
From an operational perspective, cloud computing (information that’s stored online) has made data easier to manage for all sorts of businesses and organisations. Health records can be viewed at the touch of a button, exam results are filtered through apps, worksite surveys are conducted digitally. But at the same time, this means that such data has become increasingly accessible to others in the cloud and across the apps you use. Businesses today must take steps to ensure no bad actors (cybercriminals) can access the network, staff are fully aware of potential threats, and there’s a plan in place if an attack does happen.
And to add fuel to the fire, many might not be aware of the types of attacks they are at risk of – or their severity. After all, how many employees truly understand the meaning of terms like malware, ransomware, or phishing?
Preparation vs. confidence
Cybercrime statistics show that attacks are growing exponentially. Keeping up with the types of risks out there can be difficult, particularly as the tactics of cybercriminals are becoming increasingly sophisticated. A smaller business can fall victim to attack if there are any holes in its digital defence. From a weak device password to data that isn’t encrypted (scrambled into code), even the slightest crack can be all a hacker needs.
Sharp research shows that 79% of small businesses across Europe feel well prepared to deal with IT security threats. That’s good news, at first glance – but strangely, almost the same proportion (68%) say they lack confidence in their business' ability to deal with IT security risks. And despite the growing risk, only 41% have increased IT security training since hybrid models were introduced, even though the very nature of hybrid involves staff members in multiple locations, potentially on separate (and sometimes unsecured) networks. Levels of security perception vary by country, with the number of SMEs feeling prepared to deal with potential IT security threats ranging between 67% and 86% across Europe.
Are you prepared?
Based on what the research shows, does your business’ digital defence align with the rising threat? And if you are feeling prepared, are your cybersecurity strategies evolving fast enough to allow you to confidently tackle different types of risk?
What does the research show?
Let’s take a closer look at what we found out from the European SMEs we questioned.
Research shows that just under four fifths of SMEs feel enough budget is being put into IT security. Given that one third have been impacted by a computer virus attack, and many are lacking crucial components of a robust security defence, this sentiment might be slightly misplaced. The damaging implications of an attack – reputationally, financially and from a customer loyalty standpoint – shouldn’t be overlooked.
Only 44% are increasing their security budget this year – likely a sign of the economic times. However, it’s worth remembering that investing in a cybersecurity management solution doesn’t always mean spending more money; it could be a case of reprioritising where the existing money goes. The right solution will provide the full protection your business needs, without breaking the bank.
Security threats have evolved beyond the rogue spam email or workers accidentally inputting their password into a dodgy web page. However, these threats still remain, and with 32% of SMEs having been impacted by a phishing attack and 31% by malware, your digitally connected workforce might not be as aware of potential risks as they think.
For smaller businesses that lack a dedicated IT department, an essential component of their security is ensuring the whole team is ‘cyber-savvy’, with the right cybersecurity information. This includes everyone from delivery drivers to on-site workers, and even the exec working from a café’s public network.
Today, threats are coming from all angles, in places a business might not have on its radar. Despite nearly four fifths of SMEs feeling employees have adequate security training, security soft spots still remain: almost one fifth (19%) were impacted by a security breach from their office printer. It is an unlikely threat, and many might not consider that hackers could infiltrate their company’s system from the machine designed to print, scan and share documents.
This is a particularly striking example of how an SME may not be effectively prepared for an attack. Despite a fifth having been impacted, only 5% are worried about this particular threat. Given that a third have no IT security measures in place to cover printers, it’s clear more can be done to keep staff trained on all types of risk.
From prepared to confident and truly risk-ready
Before any SME can be fully prepared for a cyberattack, it must rationalise its levels of confidence, knowledge, and investment in security. Cybersecurity risks are high – if an attack does happen, a strategic, broader approach needs to be prioritised in order to mitigate its impact. This means covering all bases, from staff training to continuous, round-the-clock monitoring of the network and systems.
This doesn’t have to interfere with other areas of the business or spike costs. Sharp offers a comprehensive family of tailored security solutions to help businesses be confident with their digital defence – providing all the expertise, monitoring and response required to keep things secure.