LONDON - February 12, 2019
New research from Webroot, the Smarter Cybersecurity® company, reveals that almost half of UK small to medium-sized businesses (SMBs) believe a cyberattack would put their business at risk of closure, and 48 per cent of businesses report they have had to deprioritise activities that would help grow their business to address cybersecurity.
The report, titled “Size Does Matter,” details the challenging climate for UK SMBs in a time of rapid political, economic and social change. Second only to Brexit, cybersecurity threats are the biggest source of uncertainty. As a result, SMBs are spending almost an entire working day (18% of their time) a week on cybersecurity related tasks.
Almost half (48%) having suffered a cyberattack or data breach in their lifetime, with over one in seven saying this happened more than once. Of the businesses that had been targeted, 70 per cent were used as an entry point into a larger enterprise system they supply to. Nearly half (48%) of the cases negatively impacted relationships, with almost a quarter (22%) admitting they are no longer a supplier as a result.
Additional Highlights from Webroot’s SMB research:
- UK SMBs see clear business benefits to cybersecurity investment. Over half (52%) believe investing in cybersecurity drives innovation, and 58 per cent believe it increases productivity. Nearly one third (28%) say cybersecurity could increase their revenue and attract new customers.
- There is a clear opportunity for SMBs to use their size to their advantage. Nearly two-thirds (64%) believe that being smaller enables their business to react more quickly to industry or political change than larger enterprises. Three-fifths (61%) think their employees are quicker to flag potential cybersecurity issues than at larger enterprises.
- Yet, 40% believe cybersecurity policies and threats restrict SMB growth more than larger enterprises
Key Quotes:
Paul Barnes, Senior Director, Product Strategy, Webroot:
“SMBs can no longer consider themselves too small to be targets. They need to use their nimble size to their advantage by quickly identifying risks and educating everyone in the business of how to mitigate those risks, because people will always be the first line of defence. Working with the right cybersecurity partner or managed service provider (MSP) to develop the right strategy for their size will allow smaller businesses to prioritise the activities that matter most and help them grow.”
Theo Paphitis, Business Entrepreneur and #SBS Small Business Sunday Creator:
“This research from Webroot shows that SMBs can no longer afford to believe they’re too small to be targeted. But it’s clear there needs to be a balance. It’s concerning that smaller businesses have had to deprioritise activities that would help them grow in order to address security issues. Educating small businesses on cybersecurity and helping them get the right support to address challenges is crucial. Small businesses are in the unique position to act quickly and be more flexible than their larger counterparts.”
Cybersecurity Tips for SMBs:
- Always educate. Security awareness training can’t be a tick-box activity for SMBs. It needs to be continual so cybersecurity stays top-of-mind and user error is minimised.
- Take a layered approach. SMBs need to leverage both next-generation endpoint protection and network protection to ensure they are covering the gaps that cybercriminals and hackers deploy to compromise businesses.
- Know the signs. Phishing is a favourite technique amongst attackers. Make sure employees are confident in identifying the different types of attack. Security awareness training that incorporates phishing simulations ensures that people, processes, and technology are all harnessed effectively together to stop cybercriminals.
- Assess your risk profile. Every business has different risk factors. If you don’t have the expertise, get an independent security audit or your MSP to help assess your security posture. Work to develop a plan for adequate ongoing risk mitigation. Look at your GDPR exposure and follow guidelines to ensure the appropriate mitigation criteria are met.
- Plan for the worst. Create a data breach response plan that identifies specific security experts to call and a communications response plan to notify customers, staff and the public. Have a backup and recovery strategy.
Research Methodology
This survey of 501 IT decision makers in companies with 1-500 employees was conducted by Censuswide in January 2019. Respondents included businesses in the financial services, retail, healthcare and public sectors. The full report can be found here.
About Webroot
Webroot was the first to harness the cloud and artificial intelligence to protect businesses and individuals against cyber threats. We provide the number one security solution for managed service providers and small businesses, who rely on Webroot for endpoint protection, network protection and security awareness training. Webroot BrightCloud® Threat Intelligence Services are used by market leading companies like Cisco, F5 Networks, Citrix, Aruba, Palo Alto Networks, A10 Networks and more. Leveraging the power of machine learning to protect millions of businesses and individuals, Webroot secures the connected world. Headquartered in Colorado, Webroot operates globally across North America, Europe and Asia. Discover Smarter Cybersecurity® solutions at webroot.com.