The small and medium-sized businesses (SMBs) in the U.K. revealed that potential cyberattacks and malware infections trigger severe concern than staffing or cash flow issues. According to a research report, “Securing Growth: How cyber risks among smaller U.K. companies change with size and time”, from cybersecurity firm Sophos, SMBs in the U.K. are being targeted by determined threat actors or have their network systems infected by malware. It’s said that the organizations don’t have enough resources or expertise to maintain a standard cybersecurity posture, which represents poor cyber-readiness.
Cyberattacks are Major Concern
The research stated that almost half (45 percent) of the organizations surveyed consider that malware infections and cyberattacks are a major business concern, compared to data breaches (42 percent), staffing issues (40 percent), or cash flow issues (32 percent). It also revealed that 31 percent of active companies don’t know which cloud services they use. The research findings are based on responses from over 400 business and technology decision-makers across the U.K.
A statement from the research report states, “The findings challenge a few widely held assumptions: that smaller businesses aren’t as concerned about cyberthreats as perhaps they should be, or that an organization’s cyber risk profile can be broadly defined by its number of employees. In fact, our research suggests that the biggest risk differentiator is years of operation, and that smaller firms do worry about cyberthreats – it’s just that this doesn’t always translate into secure behavior.”
Security Incidents on U.K.’s Mid-Market Businesses
A similar research from business and financial adviser Grant Thornton revealed that the mid-market businesses in the U.K. have lost around £30 billion (approximately US$37 billion) in 2019 due to security breaches. The research, “Cybersecurity–the Board Report”, stated that businesses were not prepared to manage cyber risks.
Grant Thornton surveyed over 500 U.K. mid-market companies, in which half of them reported losses of up to 10 percent of their income over cyberattacks. The research also revealed that 63 percent of the companies don’t have a cybersecurity team. Only 36 percent stated that they’ve provided cybersecurity training to their employees and more than half of the businesses (59 percent) don’t have a cyber incident action plan.