Half of SMEs admit they do not provide cyber security training, despite nearly two thirds reporting an increase in cyber security threats over the last 2 years

Research has found that cyberattacks are on the rise across the UK, yet it is revealed that few SMEs are taking sufficient action to prevent this.

Software Advice’s latest study examines the many cyber security threats that face UK SMEs, revealing that 62% of leaders have observed an increase in cyber threats in the last 2 years. Of which 12% stated that the increase was significant. The study revealed that 22% of SMEs have fallen victim to 1 or more cyberattacks between 2020-2021. Of this increase in attacks, the most common came in the form of phishing (at 57%), followed by malware (54%).

Despite the recent proliferation of cyberattacks, 48% of executive managers admitted that their employees have not received any cyber security training in the last 2 years. Additionally, 32% of managers claimed to not have a cyber security program within their company, whilst 50% of SMEs do not have a formal cyber security incident response plan in place. Most respondents also admitted to never having conducted a security audit, at 24%. Lastly, 35% of managers stated that if an attack were to happen, they wouldn’t know what to do or how to report it. 

Furthermore, an overwhelmingly high number of leaders acknowledged that their employees have too much access to company data. 25% of respondents stated that their employees don’t have access to all data, but to more data than is strictly necessary to perform their job, and 23% admitted that employees have access to all company data. Yet despite this and somewhat conflictingly, 61% of managers asserted that they are most concerned about the protection of their customer data (i.e. names, contact information and credit card data). Considering that 62% of SMEs have experienced an increase in cyber threats in the last 2 years, these lax security measures represent a significant security risk for many SMEs.

38% of respondents stated that a lack of budget was the main barrier preventing companies from being able to protect themselves against cyberattacks. This was followed by a lack of skilled IT personnel (at 33%) and low-security awareness among employees (at 27%), which is not surprising considering 48% of respondents have not received any recent cyber security training.

The impacts of some of the cyberattacks SMEs have faced include stress and anxiety to those employees affected (at 40%), disruption to daily operations (38%), loss of customer trust (32%), and reputation damage (28%).

Software Advice’s study explores some of the simple and cheap technical solutions SMEs can employ to ensure their business is cyber secure. The first is good cyber hygiene- which simply involves protecting data with passwords. This is important as passwords remain a security issue for many SMEs, as 39% of managers admit to reusing passwords on their work accounts. Multi-factor authentication is also highlighted as a key method to ensure a business’ data is protected and secure. Yet 21% of businesses revealed they don’t use multifactor authentication for any business applications.

Sukanya Awasthi, content analyst at Software Advice UK, comments:

Cyberattacks are becoming more and more common due to many reasons, including people and companies sharing more data online, advances in the technology required to execute attacks and remote working compromising company security systems. Software Advice’s study reveals that 62% of SMEs have experienced an increase in cyber threats in the last 2 years, whilst 22% fell victim to 1 or more cyberattacks. Yet despite this, SMEs are still not doing enough to protect themselves. The study also uncovers some worrisome data, showing that 48% of employees have not received any cyber security training in the last 2 years, and 35% of managers would not know how to respond if a cyberattack were to happen in their company. It is clear that UK SMEs must do more to protect themselves against cyber threats.

Study Methodology: Data for the cyber security survey was collected in November and December 2021, in which 500 UK SME business owners and decision-makers responded to Software Advice’s survey.