Small firms still struggling to tackle threat of cyber crime, one-of-a-kind security study finds
Scotland’s small businesses are aware of the increasing threat of cyber crime but are still failing to act on the threat effectively, according to what is thought to be the most detailed cyber security survey of small businesses in the past year.
Instead, they are being overwhelmed and confused by the amount of advice around cyber crime, the poll conducted by the University of Glasgow on behalf of the Scottish Government and Scottish Business Resilience Centre (SBRC) suggests.
The research, which was funded by a Royal Academy of Engineering Industrial Secondment Grant, found that, as a consequence, small firms are choosing to take only the most minor ‘common knowledge’ preventative measures, such as using anti-virus software and firewalls, which may leave them vulnerable.
The survey also shows that SMEs still do not regard the data they hold, whether their own or that of customers, as having value.
The study is the first of its kind to assess why Scotland’s SMEs are not doing more to protect themselves, despite the almost daily reports of companies being hacked, having personal data stolen or experiencing a loss of business.
SBRC director Mandy Haeburn-Little says the survey provides crucial guidance on how small businesses, government and other agencies all need to change their thinking to counter the threat of cyber crime.
She said: “It’s vital we do everything we can to support smaller companies including the many businesses who work from home. These findings will help us to do this. They show that SMEs do care and take cyber crime seriously, but they are hitting obstacles on what to do about it. However, also particularly concerning is that many small businesses still do not recognise that there is a value attached to the data they hold.
“The fact that there is so much advice online – and also significant levels of conflicting advice – is leaving them confused, bewildered and overwhelmed. The survey also shows that the majority of people simply turn to Google for advice despite there being several dedicated websites and portals of guidance available.
“This all points to the need to establish clarity over recommended actions and a single source for advice and contact. This is very much in line with the concept of the creation of a cyber hub for Scotland which would act as one trusted source of advice and cyber security services at affordable cost. SBRC is taking forward the scoping of this concept with more news on this expected in the next six months.”
The SBRC says it’s considering how small businesses can be more supported with their specific needs and for other simple measures to be introduced to keep cyber crime front of mind to help to drive behavioural change.
University of Glasgow senior lecturer Dr Karen Renaud, who was seconded to the SBRC and who conducted the survey, found that:
95% of businesses carried out security activities that showed they did care about security, but only 15% thought they were at significant risk of being the target of an attack.
More than 50% said they consulted Google for cyber advice with less than 7% consulting Government websites. With 12 million results coming up on Google, firms feel unable to identify trustworthy advice and are left floundering.