Fewer than one in five UK SMEs have assessed their exposure to security threats, despite rising threats and recent high-profile cyber attacks, according to a new report.
In research by Arthur J. Gallagher, 44 per cent of small- and medium-sized businesses said they expect to face some kind of threat in the next 12 to 18 months.
But only 17 per cent of the SMEs surveyed said they have assessed their exposure to rising security threats in the United Kingdom, potentially leaving them open to risk.
Meanwhile, 68 per cent of small firms said they were resilient to security crises, but 43 per cent said they have no business continuity, disaster recovery or crisis management plans.
And the survey found that only 30 per cent have insurance that would cover them in the case of terrorism, cyber extortion, sabotage, product tampering or emergency repatriation, with another 40 per cent not knowing whether they have cover or not.
19 per cent of UK SMEs have faced an external security threat in the last two years, and 27 per cent specifically expect to be targeted by cyber extortion in the near future.
“It is vital for SMEs to build a culture of crisis resilience,” said Paul Bassett, managing director of Gallagher’s crisis management practice, commenting on the findings.
“Their growing awareness of an overall increase in security threats needs to be matched by actions that will help them mitigate and manage their own vulnerability to those risks.
“Our research shows education is key – clearly there is a disconnect between the current level of planning by SMEs and how resilient they believe themselves to be, creating a false sense of security.
“Many evidently feel they are too small to be targeted but today’s fast-evolving security threats are often not targeted at any particular company or industry.
“Exposure to the risk of non-damage business interruption – where no physical loss has been suffered but you aren’t able to trade – is a particular area of concern.
“That could be experienced because of proximity to a terrorist incident or an indiscriminate cyber extortion attack, for example.”
For more from the report, see the Arthur J. Gallagher website.
Photo © kran77 / 123RF Stock Photo