{"id":12736,"date":"2024-09-02T21:16:57","date_gmt":"2024-09-02T20:16:57","guid":{"rendered":"https:\/\/www.qualitycompanyformations.co.uk\/blog\/?p=12736"},"modified":"2024-09-24T17:32:19","modified_gmt":"2024-09-24T16:32:19","slug":"smes-a-soft-target-for-cybercriminals","status":"publish","type":"post","link":"https:\/\/www.qualitycompanyformations.co.uk\/blog\/smes-a-soft-target-for-cybercriminals\/","title":{"rendered":"SMEs a soft target for cybercriminals"},"content":{"rendered":"

Employees of small and medium-sized enterprises (SMEs)\u00a0are four times more likely to encounter a cyber threat than those at larger organisations, according to security service Mimecast\u2019s new\u00a0<\/strong>Global Threat Intelligence Report 2024 H1<\/strong><\/a>. <\/strong><\/p>\n

The cloud-based email security service analysed more than 1.7 billion messages per day from over 42,000 customers and found that small businesses experience the highest volume of cyber threats. In the first quarter of this year, small and medium businesses saw 40 and 31 threats per user, respectively. Meanwhile, large enterprises only saw 11.<\/p>\n

SMEs urgently need to pay attention to this. According to a new nationwide survey of 1,055 UK small business owners by 1st Formations, as many as one in five small businesses report having experienced cybercrime within the past 12 months.<\/p>\n

Here\u2019s why cybercriminals target SMEs, what security breaches really cost, and how organisations can stay vigilant.<\/p>\n

Small businesses are data-rich but security-poor<\/h3>\n

Although SMEs may not handle the same volume of data as large corporations, they still have highly valuable customer data, employee data, financial records, and intellectual property on file.<\/p>\n

According to IBM’s Cost of a Data Breach Report 2024<\/a>, the most common type of data stolen or compromised in cyber attacks is customer personally identifiable information (PII). PII includes anything that can be used to identify someone, including a full name, email address, bank account number, National Insurance number, and more.<\/p>\n

\n \n \"Revolut\n \"Revolut\n <\/a>\n <\/div>\n \n

Consider the sheer number of records businesses store, from the founder\u2019s home address to scans of employee passports. Even for micro businesses, the numbers are bound to be at least in the tens of thousands.<\/p>\n

All businesses have a responsibility to keep this information secure for their customers and employees. If it gets into the hands of criminals, it can easily be used to commit identity theft and credit card fraud. Businesses also have a legal duty to comply with UK GDPR<\/a>, the UK’s general data protection regulation.<\/p>\n

Business insurance you might need if you work from home<\/span><\/a>\n The small business owners\u2019 guide to copyright<\/span><\/a>\n Do I need to register my side hustle as a limited company?<\/span><\/a>\n <\/p>\n

Yet research shows that the majority of SMEs do not invest in the necessary cybersecurity measures to protect this data. Cyber insurance provider Cowbell\u00a0<\/a>found that only 1 in 5 have a cyber incident response plan in place, according to their 2024 survey of 500 UK SME chief executives. In addition, one in ten said they saw no need to enhance their position regarding cyber risk.<\/p>\n

With so many of the UK\u2019s 5.6 million SMEs underprepared for an attack, criminal opportunists may consider them easy pickings.<\/p>\n

Lack of dedicated team and training<\/h3>\n

One of the most significant vulnerabilities SMEs have is their lack of resources. Larger companies can afford to invest in sophisticated systems and hire IT teams, while SMEs don\u2019t always have that luxury.<\/p>\n

The UK Government\u2019s Cyber Security Breaches Survey 2024<\/a> supports this. This survey asked 2,000 UK businesses and charities of all sizes about their cybersecurity positions over the past year. It found that micro and small businesses typically assigned cyber security responsibility to chief executives or senior managers.<\/p>\n

Additionally, only 2% of micro businesses have someone specifically in an IT role looking after cyber security matters. With all the responsibilities senior staffers juggle, it can be hard for them to dedicate time to essential tasks, like monitoring networks for suspicious activity.<\/p>\n

The study also revealed that in SMEs, cyber security is discussed with senior managers in an ad hoc, reactive manner (i.e. only when specific issues arise). Those with external IT contractors even felt like the \u2018problem\u2019 of cyber security had been passed over, causing them to disengage from the topic entirely.<\/p>\n

The government\u2019s survey also found that, compared to larger businesses, very few SMEs had any training or awareness-raising sessions on cyber security within the last 12 months.<\/p>\n