A recent study conducted by CyberSmart has revealed that a significant number of UK SMEs believe that they are at a higher risk of cyberattacks due to the ongoing cost-of-living crisis. According to the study, 47% of the surveyed SME senior leaders share this concern. Among these respondents, 38% believe that the increased risk comes from malicious insider threats, where disgruntled employees make decisions that are detrimental to the company. Additionally, 35% believe that negligent insider threats, caused by overworked or distracted employees making mistakes, are contributing to the heightened risk.
The study, which surveyed a thousand SME senior leaders across the UK, also investigated the impact of economic uncertainty on these businesses. It discovered that almost 1 in 3 employers (29%) admitted that employee salaries have remained stagnant, resulting in a decline in real wages due to inflation. Furthermore, 11% of employers have even reduced salaries as a means to cope with budgetary constraints. In response to these financial challenges, nearly a quarter (24%) of SMEs have paused their recruitment efforts, while 16% have had to lay off employees.
Unsurprisingly, the study found that many employees are feeling overwhelmed and concerned about meeting their financial obligations. Approximately 1 in 4 employers (24%) reported that their staff members are experiencing such difficulties, while nearly a fifth (18%) feel overworked. These financial strains have had a negative impact on employee engagement and productivity, with 16% of respondents noting a decrease in engagement and productivity due to stress. Additionally, 14% believe their employees have become more disgruntled, and 11% have observed increased tension between senior leadership and employees.
Interestingly, the study also explored the potential activities that employers expect their employees may engage in while facing financial difficulties. The findings revealed that 22% of employers believe their employees may take on second or third jobs during their contractual hours, while the same percentage believes they may be more prone to making mistakes, such as clicking on phishing links. Furthermore, 20% of employers fear that employees may steal sensitive or proprietary data from the company for personal profit or to gain a competitive advantage. Additionally, 17% believe employees may seek to harm the company’s reputation out of resentment over salary cuts or stagnation and layoffs. Some employers (14%) expressed concerns that employees may utilize artificial intelligence tools, such as ChatGPT, to perform their duties, while the same percentage feared that employees may engage in financial fraud or embezzlement.
Despite the negative impact of the cost-of-living crisis, not all businesses are experiencing a decline in company culture. In fact, 20% of respondents believe that the crisis has brought their companies closer together, and 16% have noticed an increase in employee motivation to impress senior leaders. However, the study’s results highlight the importance for employers to be mindful of their employees’ well-being during challenging times. Jamie Akhtar, CEO and Co-Founder of CyberSmart, emphasized the potential risks associated with disgruntled or overloaded employees making decisions that could jeopardize the entire business. Akhtar stressed the need for regular security awareness training and the importance of supporting employees with empathy and understanding.
It is worth noting that business leaders from SMEs also attribute the growing risk of cyberattacks to external factors. For instance, 32% of respondents blame higher rates of supply chain fraud, while 31% express concerns about nation-state interference from hostile countries such as Russia and China.
The study conducted by CyberSmart sheds light on the significant cybersecurity challenges that SMEs face amidst the cost-of-living crisis. The findings underscore the need for businesses to prioritize cybersecurity measures and invest in employee well-being and security awareness training to mitigate the risks posed by both internal and external threats.