Insufficient cyber security spells self-sabotage for SMEs

By the team at the UK Cyber Security Council

Many small and medium businesses may assume that they slip under the radar of cyber threats, safe in the comfort that no one wants to hack a small business. However, according to insurer Hiscox, one small business is hacked every 19 seconds – which translates to millions in revenue lost each year.

For this reason, Cybersecurity Awareness Month, marked each October, encourages society both personally and professionally to take responsibility for cyber security, forge good habits and be aware of the risks that lurk online.

In support of the government’s aim to make the UK one of the safest places in the world to live and work online, the UK Cyber Security Council was formed to become the voice of the UK’s cyber security profession, working to educate the UK on why specialist cyber security is important to all business, no matter what size.

Fail to prepare, prepare to fail

It sounds harsh but it’s unfortunately true, failure to protect your business will sooner or later result in a cyber security issue. More than 80% of UK organisations experienced a  cyber attack in the past year, proving that the threat is real, and incidents are occurring more frequently.

Oftentimes these attacks are unsophisticated and entirely preventable, the cyber equivalent of a burglar trying a door handle and catching people off guard. You can be sure that a SME would never leave their office door unlocked, so why risk leaving themselves vulnerable to a host of cyber threats?

Security team

No matter their size, organisations need to take cyber security seriously, to protect against operational disruption and the knock on financial and reputational effects caused by a cyber attack. A protected business is also a more productive business as teams are not slowed or shut down completely by viruses and malware. Fundamentally it is in business’ best interest to deploy adequate cyber protection with expert staff.

That said, a recent labour market report from the UK government found the UK’s cyber sector is facing a workforce gap of 14,100 people. Coupled with a rising number and variety of cyber threats, it has become increasingly important for the UK to address that skills shortfall and encourage new cyber professionals into the industry.

Understandably, SMEs may not be in a position to create hugely competitive packages and attract highly sought-after cyber security talent – which is where upskilling existing team members can be advantageous to the business, the individual and the cyber security industry as a whole.

Many people involved in the management of cyber security processes do so as part of another ‘cyber-enabled’ role and these are the kind of candidates who make perfect home-grown cyber experts for your business.

Those with a cyber-enabled role understand the organisation’s cyber needs and can upskill to specialise in the areas which matter most to your business. And with the introduction of professional standards, ethics, and career mapping from the UK Cyber Security Council, cyber career trajectories will soon be clearly mapped out, taking into account the 16 specialisms within cyber, and awarding the professional titles of Associate, Principal and Chartered. Making a clear and attractive career path for those pursing cyber.

Team security

However, there is a common – and dangerous – misconception that cyber security sits only with the IT team. Everyone involved in a business should understand cyber security and know that cybersecurity is everyone’s responsibility.

People are naturally suspicious of opaque entities that they don’t understand, such as an isolated security team. To be properly joined up with the wider business, the cyber security team needs to be accessible to those who use its services. This helps increase trust and transparency – which is particularly important in the event of a cyber attack.

As cyber security is everyone’s responsibility, people must be empowered with the tools to act on that responsibility. To begin the process of becoming a cyber-responsible organisation, an enterprise must create a culture where security is second nature.

Employees are a target for cyber criminals looking for easy access into an organisation. Effective and actionable responsibility requires increased employee training and the roll out of a cyber security policy. This will place everyone on the same page when it comes to best practices, so there’s as many eyes as possible on alert for potential threats.

Essential protection for everyone 

A security breach or loss of data can break trust, lose customers and be devastating for SMEs. The National Cyber Security Centre (NCSC) has dedicated information available for small businesses providing practical technical advice which can significantly reduce the chances of a business becoming a victim of cyber crime.

Having adequate cyber security measures in place means customers feel assured that their information is protected and the business has their best interest at heart. Gaining a Cyber Essentials accreditation can demonstrate this to clients and is a clear indicator that your business is taking cyber security seriously.

Cyber Essentials is an effective, government-backed scheme that helps organisations, whatever their size, guard against a range of the most common cyber attacks.

Digitalisation has enabled businesses to be more agile than ever. However, living and working in a technologically-advanced world also increases our level of vulnerability.

In today’s cyber landscape, the threats posed to SMEs and large corporations alike, are constantly evolving which is why the cyber security industry cannot afford to stand still and instead must keep growing and gaining in strength and depth of skill and experience.

At the heart of this growth is people. Investing in people, skills and education will enable businesses to better protect themselves on every level whilst nurturing an open and inclusive cyber culture.

To find out more about the UK Cyber Security Council, including events, membership opportunities and its pilot chartership programme, visit ukcybersecuritycouncil.org.uk