New research shows UK SMEs are leaving themselves open to cyber threats: Cowbell
- April 12, 2025
- Posted by: Web workers
- Category: Finance
A recent survey commissioned by Cowbell has revealed that the UK’s small and medium-sized enterprises (SMEs) lack implementation of best practice cybercrime protocols and are severely unprepared to react to an incident, with only 19% having a recommended cyber incident response plan (IRP) in place.
This comes as advancements within AI technology continue to escalate both the complexity and spread of cyber attacks.
Among the most alarming results from the survey, a staggering 77% of UK SMEs revealed that they do not have any in-house security.
Meanwhile, 32% of CEOs said that they are confident that a cyber attack would not impact their ability to do business.
Moreover, 10% of all business leaders said they do not need to improve their position regarding cyber risk, and the majority of respondents (87%) did not consider reputational damage as a significant risk to business.
It is important to highlight that data breaches cost UK businesses an average of £3.2 million in 2023, with the UK being the sixth most expensive country for data breaches in the world.
This is in addition to the Government’s latest Cybersecurity Breaches Survey, which revealed that 59% of medium businesses experienced breaches or attacks in the last 12 months.
Despite these statistics – and GCHQ’s National Cyber Security Centre warning that global ransomware threats are expected to rise with AI – complacency among SMEs was seen across the leadership bench, with only 20% of CHROs, 22% of Director roles and 28% of CEOs considering cyber threats to be their biggest risk.
Of major concern, however, is that the risk of cyber threats almost fell off the radar of CFOs, who ranked it second to last out of 14 possible threats, with only 8% considering it to be their biggest risk.
The survey also highlighted confusion around first responses in the event of a cyber breach, with 8% of CEOs saying that they would engage with the threat actor directly.
Rather than notifying the regulators or their insurance provider, 52% of respondents agreed their first course of action would be to notify the IT team should a breach occur.
There was also a clear lack of response demonstrated when respondents were asked what their first actions would be following a data breach. 10% of CEOs said they would notify regulators, while a further 10% said they would contact the in-house tech team. Meanwhile, 17% of CFOs said they would notify the in-house tech team, 10% would inform clients/customers, and a further 10% would notify the finance team.
As for HR Directors, 24% felt they should notify the in-house finance team first, and 31% of senior marketers stated that they should first inform their tech team, while a further 25% said they would notify their insurance provider.
With cybersecurity protection out of sight and out of mind – and the first port of call post-attack varying wildly across the leadership board – VP and General Manager, Cowbell UK, Simon Hughes says that the UK’s SMEs are leaving themselves vulnerable and wide open to threat.
He commented: “Almost every day we see a new major cyber attack hit the headlines – and that’s just the ones big enough to warrant news coverage. Whether we put our heads in the sand or not, attacks are on the up. As developments in AI continue, we will almost certainly see an increase in the volume, complexity and impact of cyber attacks in the coming years. It’s not a case of if, but when. But now is not the time to scaremonger, it’s time for proactive planning.”
Broker specialist, Cowbell UK, Catherine Aleppo, said: “Our research indicates some serious gaps in knowledge, leaving businesses highly exposed. The message is clear: resolving the confusion around first responses is a matter of urgency. More support and education on cyber risk and Incident Response Planning needs to happen if businesses are to navigate these incidents and recover quickly. There is work to be done, raising critical awareness of cyber vulnerabilities and safeguarding the UK’s SMEs who form the backbone of the UK economy.”