A cyber-attack occurs when a criminal exploits a business's weaknesses to break in and harvest information that is in some way valuable to them. They can use this data to profit either by extortion or by selling information in the marketplace; in this way, even a small business's customer list has value to cyber-criminals.
According to a partner in KPMG’s cyber security practice, George Quigley, the way cyber-attacks are reported can be very sensationalist: “you tend to see very big breaches, and you see a lot of those, but what you don’t see is anything underneath”. This contributes to the pervading idea that cyber-attacks are only really a problem for big businesses, and that SMEs can skim along under the radar.
This is absolutely not the case. Quigley explains that many of KPMG’s clients have learned from bitter experience that they have been disclosing information that they shouldn’t have done, and describes a “real challenge, probably a market failure” at the very small end of SMEs in terms of defence against cyber-attacks and data leaks. Getting the right people to provide security expertise to businesses can be quite expensive, and especially for SMEs at the smaller end there might be a hesitancy to invest, but the word is beginning to spread.
“There has been a slight change over the past six to 12 months. Whereas before my role would be very much reactive – going out and talking to people and helping them when they’ve had a breach – it’s becoming more proactive. People are seeing these problems and asking for help in understanding them,” says Quigley.
CBI senior policy adviser Emma Collins agrees: “Awareness about the importance of cyber security has spiked recently, including among small businesses. What we need to see now is action to mitigate the risks of a breach, and there is no replacement for expert advice. The better the board understands the threat to their business, the more coherent and easy-to-understand their strategy and policies should be for employees to follow.”