One of the key areas is the immediate identification of deliberate malicious attacks on the company’s system. According to the PwC report, two thirds of organisations reported spotting breaches within a week of them taking place with the remaining third taking between seven and 100 days to identify problems.
For Geake, one of the key issues is that businesses are not always investing in the right areas of cyber security. He said: “The first thing businesses need to do is work out what their risks are. They need to go through their system with up-to-date knowledge, to work out what the potential impacts of an attack could be.
“You also have to understand what would happen as a result of one of these attacks. Could information get stolen, deleted or changed? What would happen to customers if that happened?
“It is no longer possible to guarantee that you can stop a cyber attack, so therefore if something could happen that has a really serious impact on your business, you need to modify the way you use IT to reduce that impact.”
While investing in cyber security is imperative to protect business interests, it’s also important that SME owners are able to identify return on investment.
Miller says: “There has been a prior trend to spend money without being able to measure what the benefits of the investment have been. Now there is much more security, so senior staff members need to ask the professionals ‘how are you spending our money? Where is it being spent and is it being spent in the right areas?’”
While investing money into cyber-security can be costly, the ramifications of not doing so can have an extremely detrimental long-term impact on the business. As well as harming consumer trust, businesses are also held legally responsible for the data that they hold.
As a result, SMEs can be prosecuted under data protection rules should sensitive data go missing and they are deemed not to have taken enough care to protect their networks.