How prepared are UK SMEs when it comes to cyber attacks?

Computer virus detection graphic

UK SMEs are under prepared to respond to a cyber crisis scenario, despite their awareness that security threats are rising and 44% of businesses polled are expecting to face some form of attack in the near future.

This is the key finding of research commissioned by insurance company Arthur J. Gallagher.

43% of the 1000+ SME business leaders surveyed by YouGov admitted to having no contingency plans for a crisis or not knowing what those plans were.

Furthermore, only 30% have insurance in place that would respond to a security crisis, such as terrorism, cyber extortion, sabotage, product tamper or emergency repatriation; with a further 40% not knowing if they have insurance cover or not.

The research also highlighted a very clear gap in perception between the threats SMEs face and their level of preparedness. 68% of SMEs questioned believe they are resilient and well-equipped to deal with a security crisis despite their planning and insurance protection levels showing otherwise.

There is, however, a widespread understanding that threat levels are growing, with 19% of UK SMEs having faced an external security threat in the past two years while 44% believe they could face a threat in the coming 12 to 18 months. 27% of those asked say they specifically expect to suffer cyber extortion in the near future.

Paul Bassett, Managing Director of Gallagher’s Crisis Management practice, comments: “It is vital for SMEs to build a culture of crisis resilience. Their growing awareness of an overall increase in security threats needs to be matched by actions that will help them mitigate and manage their own vulnerability to those risks.

“Our research shows education is key; clearly, there is a disconnect between the current level of planning by SMEs and how resilient they believe themselves to be, creating a false sense of security.”