A recent study conducted by specialist insurance firm Markel Direct revealed that a concerning 69% of small and medium enterprises (SMEs) in the UK do not have a cybersecurity policy in place. This lack of policy implementation highlights a widespread issue of inadequate cybersecurity measures and practices within these companies.
One of the key findings of the research was that 43% of SMEs admitted that their employees have not received training on best cybersecurity practices and potential threats. Furthermore, only 35% of these companies actively encourage their employees to regularly update passwords, indicating a significant gap in basic security hygiene.
In terms of security tooling and software, the study found that while 72% of SMEs have antivirus/anti-malware software installed, less than half of the companies have other essential security measures in place. Only 49% have email filtering for spam and phishing emails, 47% have a firewall, and 46% have secure Wi-Fi networks. Additionally, under half of the surveyed companies conduct regular data backups (46%) and utilize data encryption (44%).
Moreover, the study revealed that a significant portion of SMEs (69%) do not regularly update their system software, leaving them vulnerable to potential cyber threats. In the event of a cyber-attack, half of the companies surveyed (49%) admitted that they would not know how to respond effectively.
Surprisingly, over half of the SMEs (53%) do not have cyber insurance in place to protect themselves in case of a breach, highlighting a significant gap in risk management strategies among these businesses. When it comes to securing company data accessed by employees working remotely, only 52% of SMEs utilize virtual private network (VPN) access, and less than half have implemented training on secure remote work practices or remote access policies and controls.
Looking ahead, the research identified the increasing sophistication of cyber threats (62%) as the biggest cybersecurity concern for UK SMEs in the future. This concern is further fueled by emerging technologies such as AI, which are being leveraged by cybercriminals to launch more advanced attacks. Securing remote work environments (23%), ransomware and other forms of malware (22%), as well as insufficient budget/resources for cybersecurity (19%) were also highlighted as significant concerns for SMEs.
Rob Rees, Divisional Director of Markel Direct, emphasized the importance of staying ahead of cyber threats for small business owners, particularly in light of evolving AI-driven attacks. He stressed the necessity of implementing a robust cybersecurity policy to safeguard businesses against ongoing threats and emphasized the role of cyber insurance in protecting companies from targeted attacks.
In a related survey conducted by JumpCloud in July 2024, it was found that nearly half (49%) of SME IT teams feel that they lack the resources and staffing needed to adequately defend their organizations against cyber threats. This further underscores the challenges faced by SMEs in enhancing their cybersecurity posture and underscores the need for proactive risk management strategies in the face of evolving cyber threats.