Many small businesses have little to no budget to spend on cybersecurity protection; only a quarter believe that government initiatives such as Cyber Essentials help improve security practices
Duo Security, one of the world’s fastest growing cybersecurity companies, in partnership with YouGov, surveyed 1,009 senior decision makers in small businesses[1]across Britain and found that 38 percent will spend nothing at all to protect themselves from cybersecurity threats this financial year. 30 percent of respondents have less than three percent of overall budget allocated for cybersecurity.
Conducted between September 19 and 26, 2017, the survey reveals that 36 percent of respondents consider themselves to be operating at or below the security poverty line. The term “security poverty line” refers to the point below which a company cannot effectively protect itself from cybersecurity threats.
The survey also highlights a need for the expansion of government initiatives available – like Cyber Essentials and Cyber Risk Aware – to help improve the security awareness and defences of the 5.5 million small businesses in the UK.
- Only 26 percent of small businesses consider the government’s measures effective in making them more cyber resilient
- 45 percent of small businesses surveyed do not consider themselves to be targets for hackers
- 47 percent of respondents think that security is too expensive, but lack of knowledge on combating cyber threats is seen as a bigger issue than either money or employee awareness.
The latest YouGov survey reports that just five percent of small businesses report having experienced a data breach – standing in stark contrast to the 46 percent of UK businesses overall that reported having a data breach in 2016, according to the government’s Cyber Security Breaches Survey 2017.
According to Wendy Nather, Principal Security Strategist at Duo Security, “When an organisation is IT-poor, it is subjected to a number of complex dynamics that keep it from implementing effective security. Simply lowering the price point on security products is not enough; they need expertise, resources, and influence on the vendors that supply their systems and software. Moreover, small businesses may not be able to tell whether they’ve been breached if they don’t have proper security monitoring in place; this prevents them, and us, from grasping the full scope of the problem.”
Professor Richard Benham, Chairman of The National Cyber Management Centre and founder of TheCyberClub added, “The feedback from this survey underlines that more needs to be done to better communicate government initiatives like Cyber Risk Aware and Cyber Essentials to their target audience. The fact that knowledge to combat cyber threats is considered the biggest requirement to help small businesses rise above the security poverty line shows just how valuable this programme could be in helping educate them in how to tackle cyber attacks, without breaking the bank.”
The full findings of the survey can be downloaded here: https://duo.com/assets/pdf/duo_security_poverty_line_survey_9_26_17.pdf
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.