According to a recent survey conducted by Cowbell, findings indicate that small and medium-sized enterprises (SMEs) in the UK exhibit a notable deficiency in implementing essential cybercrime protocols. Shockingly, a mere 19% of these enterprises have adopted a recommended cyber incident response plan (IRP), signifying a significant lack of readiness to effectively handle security breaches and incidents.
The survey exposes significant vulnerabilities within UK SMEs, with 77% lacking in-house security capabilities. Shockingly, 32% of CEOs express confidence that a cyber-attack would not disrupt their business operations. Furthermore, 10% of business leaders believe they don’t need to enhance their cyber risk posture, while 87% do not consider reputational damage a significant concern.
Data breaches are proving costly for UK businesses, averaging £3.2 million in losses in 2023, positioning the UK as the sixth most expensive country for data breaches globally. The Government’s Cybersecurity Breaches Survey reveals that 59% of medium-sized businesses experienced breaches or attacks in the past year.
Despite these alarming statistics and warnings from GCHQ’s National Cyber Security Centre about the expected rise in global ransomware threats fueled by AI, complacency prevails among SME leaders. Only a minority of CHROs (20%), Directors (22%), and CEOs (28%) perceive cyber threats as their most significant risk.
Even more concerning is the lack of concern among CFOs, with only 8% ranking cyber threats as their top concern out of 14 possible threats. Additionally, confusion surrounds the first responses to cyber breaches, with 8% of CEOs suggesting direct engagement with threat actors, and 52% opting to notify the IT team first.
The survey also highlights disparate responses among leaders regarding post-breach actions. While some CEOs prioritize notifying regulators (10%) or in-house tech teams (10%), others suggest informing clients/customers (10%) or the finance team (10%). Similarly, HR Directors and senior marketers demonstrate varying opinions on the initial point of contact.
Simon Hughes, VP and General Manager of Cowbell UK, warns that SMEs are leaving themselves vulnerable to threats due to cybersecurity complacency. He stresses the importance of proactive planning in the face of escalating cyber threats.
Catherine Aleppo, a Broker specialist at Cowbell UK, emphasized the critical gaps in knowledge revealed by their research, which leaves businesses highly vulnerable. She stressed the urgent need to address the confusion surrounding initial responses to cyber incidents. Aleppo called for increased support and education on cyber risk and incident response planning to help businesses navigate such incidents and recover swiftly. She highlighted the importance of raising awareness about cyber vulnerabilities and protecting the UK’s SMEs, which are vital to the country’s economy and ensure swift recovery from cyberattacks.
