It’s ok – the GDPR doesn’t affect small businesses. Or does it?

By Chris Ross, SVP International at Barracuda 

This week Barracuda has joined forces with other organisations to offer a helping hand to the UK’s 4.5 million small and medium-sized businesses as part of Small Business Advice Week. We surveyed 607 business decision makers around the UK with the hopes of finding out just how much they value cyber security and how they are preparing for the new EU General Data Protection Regulation (GDPR).

Comfortingly, the results show UK SMBs are increasingly recognising cyber security’s value, with four in five seeing it as a necessity and 64% having a specific cyber attack plan in place. Some 80% confessed that their revenue and capability of their business would be impacted by a cyber attack if it caused their systems to go offline. And over half claimed this would happen within a week. But with new legislation looming, it is now vital for all SMBs to familiarise themselves with what this will mean for their organisation.

However, it would appear that some organisations still have a long way to go in terms of cyber security education. Disturbingly, one in ten respondents actively view cyber security as a hindrance. What’s more, over a third don’t have a plan in place for the event of a cyber attack, and 5% believe they don’t need one at all. This, especially in light of the upcoming legislation changes, makes for nerve-wracking reading.

Back to School

What’s arguably more concerning is that a significant amount of SMBs are undeniably unprepared to meet the GDPR when it comes into force in less than a year’s time. 30% of respondents aren’t prepared to meet the regulation, with a similar proportion completely unaware of the implications it will have on their organisation.

As of May 2018, all organisations will be fined up to €20 million, or 4% of their turnover (whichever is greater), for non-compliance. This would be disastrous for most enterprises but could prove fatal for SMBs.

SMBs often mistakenly believe they aren’t the ‘real’ targets of cyber criminals, and that attackers would rather focus their efforts on enterprises. However, often criminals prey on small businesses, assuming they have less cyber security resource to leverage.

From May 2018, not only will data breaches undermine your company’s trust – and lots of smaller businesses out there depend heavily upon customer loyalty – but they can also easily impact your bottom line. Increased fines or failing to comply with the GDPR may well leave a sizable dent in your organisations. Managing the aftermath of a cyber attack has now in many cases become more expensive than proactively preventing it from happening in the first place.