The Office of National Statistics recently cited a 12% increase in fraud and computer misuse. Cyber-attacks can be particularly damaging to small and medium-sized enterprises. But despite this news, a recent Kaspersky report shows there has been a lack of investment in IT security.
Kaspersky report data
According to Kaspersky, the top 10 reasons why SMEs have decreased on their investment in cybersecurity include:
| Reasons given for expecting to reduce IT security spending over the next three years | % | |
| 1 | Overall cuts to company expenses/general budget optimization | 29% |
| 2 | We are secure enough and there is no need to invest more in IT security | 25% |
| 3 | Large investments in past years solved key problems – now only maintenance is needed | 25% |
| 4 | Due to a decrease in business | 23% |
| 5 | Top management sees no reason to invest so much in IT security | 23% |
| 6 | There were no security incidents experienced in the last 12 months | 22% |
| 7 | Outsourcing some IT security functions allows us to cut costs | 22% |
| 8 | Switched to a cheaper endpoint protection solution/vendor | 19% |
| 9 | IT budget re-allocated to other needs in the company | 19% |
| 10 | Demand from our shareholders and investors | 15% |
Having found this information out; Specopssoft.com wanted to dive deeper and asked 1,600 SME owners the following questions:
| Question | Yes | No | Not sure | Rather not say |
|---|---|---|---|---|
| Do you see reason in ‘huge’ investments on cybersecurity? | 66% | 32% | 2% | 0% |
| Do you think bigger businesses are more likely to get attacked? | 31% | 62% | 6% | 1% |
| Do you think it would be harder for a small business to overcome an attack, rather than a large business? | 51% | 41% | 7% | 1% |
| Do you think your business is adequately prepared for any potential cyber-attacks? | 42% | 55% | 0% | 3% |
| Does your company have any formal plan/documentation in place which shows what protocols employees need to follow in the case of any potential cyber-attack(s)? | 28% | 71% | 1% | 0% |
| Do you think any budget cuts to your business will have an impact on how much you invest in cybersecurity for the overall business? | 58% | 32% | 9% | 1% |
| Do you think that a lot of the cybersecurity issues have been carefully handled/managed out over the last three years? | 17% | 82% | 1% | 0% |
| Do you think a decrease in business performance will lead to a decrease in how much your business investments in cybersecurity? | 72% | 28% | 0% | 0% |
| Has your business considered hiring a cybersecurity officer/specialist? | 69% | 31% | 0% | 0% |
| Would you be prepared to make cuts elsewhere to afford extra cybersecurity? | 42% | 58% | 0% | 0% |
Specopssoft.com’s survey showed that 31% of SME owners believe that bigger businesses are more at risk to threats than smaller ones. This is a myth. Every enterprise, business and big company is equally at risk of a cyber-attack, and as of 2017 roughly 48% of businesses were targeted at least once. *
Fraud and computer misuse and cybercrime data is on the rise
However, the good news is, even though SME owners may believe that they are unlikely to be targeted, they think they are prepared for any potential attacks with 42% of the participants saying so. However, every year the fraud and computer misuse and cybercrime data is on the rise, with a 12% increase over the previous year as of March 2020.*
On the other hand, even though participants believed they were prepared – 71% said they do not have a formal plan that has been put forward by their company – or none that they were aware of.
Looking at the data it seems that SME owners, with the underlying belief, that they will not be targeted, do not see the value in putting money into the practice with only 69% having considered hiring a security officer/specialist. Previous studies have shown that the more engaged you are as an SME and the more time you spend on the internet, the more you should be thinking about monitoring your cybersecurity.
With 66% of SME owners saying that it is worth making ‘huge’ investments in security, the evidence is blatantly clear – SMEs have the intentions to put money into security, however they are not putting this to practice as the Kaspersky report shows that there has been a $4.9m drop in IT security budgets since 2019.
- The biggest fear that SME owners have of suffering cybercrime is reputational damage, receiving 29% of the vote.
- The second biggest fear among owners is the direct impact of the crime itself, with 24% of the vote.
- Third is the potential financial loss, with 20% of the vote.
To combat these fears and prevent cyber-attacks, cybersecurity expert Darren James, recommends the following: “All companies, regardless of size, need to protect sensitive data. The ones that are most at risk are the ones that don’t prioritize cybersecurity. Passwords are a weak link that can be addressed by using multi-factor authentication when possible, and securing passwords when MFA is not available. The best way to secure passwords is to prevent employees from choosing weak and leaked passwords.”