How prepared are you?
While many UK small to medium-sized businesses clearly recognise cyber security’s value, the majority are still significantly unprepared to meet the EU General Data Protection Regulation (GDPR), according to a study of 607 UK business decision makers conducted by Barracuda Networks, Inc. (NYSE: CUDA), a leader in Cloud-enabled security and data protection solutions, in conjunction with Small Business Advice Week.
● One in 10 actively view cyber security as a hindrance.
● 64 per cent of respondents have a cyber-attack plan in place, with only one in 20 (five per cent) thinking they do not need a plan.
● If a cyber-attack caused systems to go offline, almost a third (30 per cent) of businesses would survive less than a day without their revenues being impacted. However, one in five (20 per cent) of respondents did not believe it would affect their organisation at all.
● 30 per cent of respondents aren’t prepared to meet the GDPR and 33 per cent aren’t aware of the implications it will have on their organisation.
● Half (50 per cent) of respondents either don’t know or don’t believe that the GDPR affects their business.
Lack of understanding leading to increased risks
The vast majority of respondents (80 per cent) confessed the revenue and capability of their business would be impacted by a cyber-attack which caused their systems to go offline.
With over half (59 per cent) saying this would happen within a week of their systems being offline, it’s clear UK organisations recognise the potential effect an attack can have. This may be due to the increased reporting on cyber-attacks, with 75 per cent of respondents saying recent news articles have made them warier.
Despite this, almost one third of respondents (30 per cent) either don’t have a cyber-attack plan or don’t know if they have one. A minority (5 per cent) do not think they need to plan in the event of a cyber-attack at all. It would appear that some organisations still have a long way to go in terms of cyber security education.
This may be due to non-technical staff often making important cyber security decisions in SMBs. In fact, only 35 per cent of respondents said their organisation’s IT manager or IT department makes security decisions.
In the remainder, security decisions were made by the managing director (27 per cent) or a board-level decision maker (22 per cent), or there was no clear IT decision maker (nine per cent).
With the GDPR coming into effect in May 2018, it is concerning that so few UK SMBs are prepared for its regulations. While similar proportions aren’t fully aware of the GDPR’s implications (33 per cent) and feel unprepared to meet the GDPR (30 per cent), what’s most worrying is that a staggering 50 per cent of respondents do not think the GDPR will affect them.
As the regulation brings with it increased fines of up to €20m or four per cent of turnover (whichever is greater), organisations will be punished greatly for noncompliance.
Chris Ross, senior sales VP, international, at Barracuda Networks said: “SMBs often mistakenly believe they aren’t the ‘real’ targets of cybercriminals, and that attackers would rather focus their efforts on enterprises.
“However, often criminals prey on small businesses, assuming they have less cyber security resource to leverage.
“From May 2018, not only will data breaches undermine your company’s trust – and lots of smaller businesses out there depend heavily upon customer loyalty – but they can also very easily impact your bottom line.
“Increased fines or failing to comply with the GDPR may well leave a sizable dent in your organisations. Managing the aftermath of a cyber-attack has now in many cases become more expensive than proactively preventing it from happening in the first place.”