Cyber security for SMEs: The three common misconceptions

By David Jeffrey, Head of Fraud & Security, Barclaycard

No business, whatever its size, is immune from the growing threat of cyber crime, or criminal activity carried out by means of computers or through the internet. For many smaller businesses, however, cyber security competes with a variety of other day-to-day concerns for time and resource – meaning it’s sometimes given low priority, in turn making SMEs more vulnerable to a cyber attack.

To help businesses protect themselves with confidence, we’ve drawn on our decades of experience working with SMEs to identify three misconceptions they may have around cybercrime.

It won’t happen to me

Research from Hiscox’s The Cyber Readiness Report 2017 highlighted that nearly half (48%) of smaller companies had experienced one attack or more in the last 12 months. Despite this, our own findings show that one in ten (12%) small businesses admit they have done nothing to prepare for the risk of a cyber attack, and are less concerned about the dangers than larger businesses. A study from the UK Government’s Cyber Security Breaches Survey 2017 further highlights this misconception: it found that 39% of micro and small businesses with no governance or risk management measures think they are “too small or insignificant for cyber security.” By underestimating the risk of a threat, SMEs could make themselves an easier target for criminals online. 

I can’t afford to protect my business

SME Publications/ SME XPO 2024

SMEs are constantly grappling with conflicting demands on their finances, meaning that, for many, staying safe online falls down the agenda. Research from Barclaycard, for example, found that 27% of SMEs spend less on cyber security now than they did a year ago.

Faced with squeezed budgets and limited funds, it’s crucial that small businesses are smart in how they use their resources, seeking partners with multiple areas of expertise. For example, SMEs can receive the added support they need without a huge cost attached by bringing in cyber security specialists from a supplier they already use, such as their payment provider. 

I can manage on my own

When asked why they don’t think they need to invest in online security, over a third (35%) of SMEs said it was because they feel their business works well as it is. While this may be true in the current environment, cyber crime is constantly evolving. Without staying abreast of new developments, today’s security measures may not be fit for the future.

At the very least, small businesses should ensure they meet the minimum requirements for security as set out by the PCI Security Standards Council, an industry body which also offers resources specifically for SMEs. Another fast and easy way to stay informed is through the Business Fraud Prevention pages on Barclays’ Digital Safety Hub, launched earlier this year to encourage businesses and consumers alike to fight back against fraudsters.

To take protection to the next level, small businesses should start or continue having conversations with their suppliers. Many will have experts who can provide insight into the latest threats and solutions. Added support could give SMEs greater peace of mind – and ultimately, the freedom to focus on their business.

The results are clear

Small businesses face immense pressure to keep up with competitors of all sizes. This is all the more challenging in an uncertain political and economic landscape, with shifting consumer preferences and new technology that continues to develop at pace.

Against this backdrop, it’s imperative that SMEs find accessible ways to ensure they – and their customers – can feel as confident as larger businesses about their cyber security. The benefits are clear: a quarter (25%) of SMEs who have invested in this area say they have experienced less fraud, while 12% have seen an increase in customer satisfaction.

SMEs should move away from the ‘it won’t happen to me’ mind-set because, no matter its size, any business is at risk. Taking action to increase cybersecurity can seem daunting – but with a little time and some expert help, it may be easier than they think.

SME Publications/ SME XPO 2024