42% of small and micro businesses in the UK report having experienced cybercrime, new research from AAT (Association of Accounting Technicians) reveals. However, the research also reveals that many of them are not taking the precautions they should to protect themselves.
Of the 42% of small and micro business owners (businesses with between 0 and 49 employees) who responded to a survey from AAT saying their business had suffered cybercrime, 23% had suffered virus infection to their business computers and 22% had been victims of phishing – where sensitive information such as passwords are stolen by someone pretending to be from the bank for example. Card fraud was also common, with over one in 10 respondents (12%) saying they had been victims of it.
Despite the high number of businesses who have been victims of cybercrime, a significant number of small and micro businesses are still not doing what they need to do to protect their businesses.
- 69% reported using regular updates of anti-virus software, meaning that 31% are not guarding against computer viruses and malware.
- 66% reported using firewall protection; meaning 34% of businesses do not.
- Only 38% reported changing their business passwords regularly, which is essential for keeping passwords secure.
- Only 30% reported regularly installing security patches, which are needed to keep security software up to date for the latest threats.
- 14% reported not using any methods at all to protect their business from cybercrime.
Rik Ferguson, vice president of security research at security software company Trend Micro said: “This research shows that although many business owners are aware of cybersecurity risks and are taking action to guard against them, there are still some who need to do more to protect their businesses.
There is good cybersecurity advice available for free online, but businesses should always consider finding a trusted specialist security partner, as different businesses will have different security needs depending on what they do, and security advice is not one size fits all.”
Mark Farrar, AAT Chief Executive said: “Keeping online information secure is vital. A security breach could put you out of action and cost you money, which can be fatal for smaller businesses that have very little time and money to spare. Businesses should always protect every aspect of their online profile.”
Other interesting findings from the survey revealed a possible gender and age gap with business owners taking precautions against cybercrime:
- More female business owners reported not using any methods to guard against cybercrime (18%) than male (10%).
- A smaller percentage of female owners said they were likely to regularly update anti-virus software, firewall protection, and spam filtering software, or train their staff in best practice for cybersecurity.
- Male owners spend more on average on cyber protection (£268) than female (£206)
- More female owners reported that they don’t know where to get cyber protection advice (11%) than males (7%)
- People over 55 years of age are more likely to say their business uses no online functions, with 21% of them saying this.
- Business owners over 55 years of age were more likely to say they wrote their passwords down and kept them in a safe place instead of memorising them
Trend Micro’s Rik Ferguson will be discussing how prepared businesses are for cybercrime, and how they can become more secure, at the AAT Annual Conference on Saturday 16 May. For more information visit HERE
About AAT
AAT is the UK’s leading professional body offering skills based accountancy and finance qualifications. The AAT qualification is open to everyone, regardless of previous qualifications and age. Our members are represented at every level of the finance and accounting world, including students, people already working in accountancy, from junior to senior positions, and self-employed business owners. AAT is sponsored by the professional accountancy bodies within the UK – CIPFA, ICAEW, CIMA and ICAS.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.