Cyberbreaches are costly. For SMEs in the UK, it is estimated that a cyberbreach costs £4,200 per attack. And this figure is just the reported cost. The focus also appears to be moving away from making cybersecurity a top priority, leaving businesses and their customers exposed to significant threats. Tom Henson, Managing Director at Emerge Digital, explores the current state of cyber-resilience amongst SMEs and offers solutions to building robust digital strategies.
In an age where the digital landscape is helping businesses drive success, explore new opportunities and provide new and innovative products and service solutions to their customers, SMEs are grappling with an evolving threat: cyberattacks. While cyber-resilience once held a prominent place on the business agenda, recent trends suggest a concerning shift.
According to the UK government’s Cyber Breaches Survey 2023, only 68% of SMEs consider cybersecurity a high priority, down from 80% the previous year. This shift in focus comes at a time when the cyber-risk is mounting, leaving businesses and their customers exposed to significant threats.
A report from industry insiders, IBM, claimed that cyberattacks against small and medium businesses climbed by 15% last year, with the average cost per attack in the region of £4,200. This figure doesn’t take into account any fines incurred or reputational damage either, which can take years to recover from, if businesses truly ever do.
With threats up and focus appearing to be down, let’s explore the current state of cyber-resilience amongst SMEs, the reasons why and solutions to building robust digital strategies that protect your business, your customers and your data.
Current state of cyber-resilience among SMEs
The journey towards robust cyber-resilience is one that most SMEs are only beginning to embark on, while their enterprise-level counterparts are closer to reaching their destination.
Based on what we’ve been seeing recently, and discussion with industry peers, we estimate that SMEs are just 20% along the path to reaching the same level of resilience as enterprise-level organisations. The reasons behind this lag are multifaceted, encompassing a complex blend of regulatory expectations, cyberinsurance requirements and supply chain pressures.
Up until 2022, there was a prevailing sentiment that SMEs had sufficiently met the cybersecurity expectations laid down by various stakeholders, including clients, government and industry regulators and insurance providers. However, the landscape dramatically shifted towards the end of 2022 and into 2023, with a notable escalation in these requirements. Despite the increasing danger, cyber-resilience seems to have fallen down the priority list for many SMEs. This drop is not only puzzling but alarming.
As we stand on the cusp of an era where cyberthreats are more rampant and insidious, the focus on cyber-resilience must regain its prominence. In light of these escalating demands, we would anticipate seeing a renewed emphasis on cybersecurity in the 2024 Cyber Breaches Survey results.
The precarious position of SMEs in the current cybersecurity landscape underscores the need for a renewed focus on data loss prevention, its strategic importance and the robust measures required to safeguard businesses against this increasingly common peril.
Why data loss prevention needs to top the agenda
Investing in data loss prevention is no longer an option; it’s a necessity. Recent shifts in requirements revealed a significant escalation in the challenges SMEs must confront. Yet, some common misconceptions persist: the belief that they are not a target; that their data lacks value to cybercriminals; that they don’t possess much data; that existing protections are sufficient.
Such beliefs are not only inaccurate, but perilous. Cybercriminals are often motivated by financial gain, leading them to exploit vulnerabilities in SMEs’ data management. This could result in ransom demands or the sale of sensitive information on the dark web. Additionally, valuable intellectual property and sensitive business information, although not covered by GDPR, can also be attractive targets.
The financial implications are stark. Add to this the potential fines from regulatory bodies for failure to secure information under GDPR guidelines, and the picture becomes even graver.
To maintain trust, safeguard reputation and ensure compliance, data loss prevention must be an unequivocal priority.
Strategies for securing data in the hybrid workplace
The hybrid workplace model has introduced new complexities in data security. To navigate these challenges effectively, businesses must consider several key strategies:
User-level protection
With cybercrimes often occurring at the user level, robust cybersecurity training is vital. The weakest point in your defences will often be your people. Educating employees about risks and safe practices is a first line of defence against data loss.
Tool maintenance and configuration
Ensuring that existing security tools are correctly maintained and configured is essential. Add-on licences for cloud services, like Microsoft Defender for Office 365, are good for bringing enhancements to your security quickly and cost-effectively. However, tools like this need care and attention when being implemented in order to dramatically reduce the likelihood of data loss.
Trusted partnerships
Finding a trusted partner to understand specific needs and requirements can facilitate the creation of a tailored cyberprotection strategy.
AI and Machine Learning tools
The technological landscape is rapidly evolving, with AI and Machine Learning integrated into tools to detect suspicious patterns and risky behaviour. Understanding and leveraging these tools could prove pivotal in defending against increasingly sophisticated cyberthreats.
Comprehensive compliance
Beyond conventional cybersecurity measures, understanding and adhering to regulations such as GDPR is vital. This encompasses data management, individuals’ rights, breach notification, potential fines and more.
These strategies do not just represent best practices; they reflect a holistic approach towards a culture of cybersecurity. By aligning methods and measures with the specific demands of the hybrid workplace, SMEs can build a resilient shield against the ever-present threat of data loss.
Embracing the challenge of data loss prevention
The urgency of prioritising data loss prevention for small and medium enterprises cannot be overstated. In a digital age where threats are evolving and the risks are escalating, complacency is not an option. The potential consequences are far-reaching, not only threatening the financial stability of businesses but also endangering the trust and privacy of customers.
However, the path to robust cybersecurity need not be insurmountable. By embracing a more precise understanding of the current threats, acknowledging common misconceptions and taking measured steps to secure valuable data, SMEs can chart a course to resilience. Investing in intelligent tools, comprehensive training and collaborative partnerships with trusted experts can fortify the defences against both traditional and emerging cyberthreats.
What’s crucial is a commitment to ongoing vigilance and adaptability. Recognising that cyberdefence is a continuous journey rather than a one-off task is foundational to success. Resources such as Cyber Essentials standards and the guidance provided by the NCSC are readily available to support this endeavour. Emerge Digital’s OnyxSecure offering is one such solution that makes robust cyberprotection accessible and tailored to the unique needs of SMEs.
Data loss prevention is more than a technical hurdle; it’s a core business responsibility that directly affects an organisation’s standing and success. As technology moves forward, the strategies to protect vital information must keep pace. Now is the time for SMEs to act, making thoughtful decisions that align with their specific needs. With the right approach and the support of knowledgeable partners, safeguarding against data loss is not just a necessity but an opportunity to reinforce trust and stability in a constantly changing digital landscape.