In a recent study conducted by specialist insurance firm Markel Direct, it was revealed that a staggering 69% of small and medium enterprises (SMEs) in the UK do not have a cybersecurity policy in place. This lack of basic cybersecurity measures and hygiene is concerning, especially in today’s digital age where cyber threats are becoming more sophisticated and prevalent.
One notable finding from the research was that 43% of the surveyed SMEs admitted that their employees are not trained on best cybersecurity practices and potential threats. In addition, only 35% of these companies encourage their employees to regularly update their passwords, leaving them vulnerable to potential breaches.
Moreover, the study highlighted that only around half (52%) of SMEs utilize multi-factor authentication (MFA) to enhance their cybersecurity defenses. This is particularly alarming considering the rising number of cyber-attacks targeting businesses of all sizes.
When it comes to security tooling and software, the research uncovered that while 72% of SMEs have antivirus/anti-malware software in place, less than half have email filtering for spam and phishing emails (49%), a firewall (47%), and secure Wi-Fi networks (46%). Additionally, under half of the surveyed companies conduct regular data backups (46%) and implement data encryption (44%).
Furthermore, the study found that 69% of SMEs regularly update their system software, which is a positive sign. However, it also revealed that half (49%) of the companies would not know what steps to take in the event of a cyber-attack, and a similar proportion (53%) do not have cyber insurance to protect themselves in case of a breach.
In terms of securing company data accessed by employees working remotely, 52% of SMEs reported using virtual private network (VPN) access, while 48% provide training on secure remote work practices, and 46% have remote access policies and controls in place.
The survey also highlighted the biggest cybersecurity concerns for UK SMEs in the future. The majority of respondents (62%) expressed concerns about the increasing sophistication of cyber threats, driven by AI and other emerging technologies. This was followed by worries about securing remote work environments (23%), ransomware and other forms of malware (22%), the implications of emerging technologies (21%), insufficient budget/resources for cybersecurity (19%), and vulnerabilities associated with third-party vendors and suppliers (19).
Rob Rees, Divisional Director of Markel Direct, emphasized the importance of staying ahead of cyber threats for small business owners, especially as AI-driven attacks continue to evolve. He stressed the significance of having a robust cybersecurity policy in place to safeguard against ongoing threats, along with the protection offered by cyber insurance in the event of a targeted attack.
A separate survey by JumpCloud in July 2024 revealed that 49% of SME IT teams feel ill-equipped to defend their organizations against cyber-threats, citing a lack of resources and staffing. This further underscores the urgent need for SMEs to prioritize cybersecurity measures and invest in adequate defenses to protect their businesses from potential cyber-attacks.