A third of small businesses have no cyber security strategy, report finds

 
James Warrington
Follow James
FRANCE-TECHNOLOGY-COMPUTERS-SECURITY
BITC warned small businesses must do more to protect themselves and their customers (Source: Getty)

A third of small businesses in the UK have no cyber security strategies in place, a new report has found.


Research by charity Business in the Community (BITC) revealed 40 per cent of small businesses had not taken any action on cyber security over the past 12 months. In addition, more than three-quarters of firms said they have no policy for controlling access to their data systems.

Read more: ECSC revenues jump as it cashes in on cyber security concerns

BITC warned small businesses must do more to protect themselves from the growing number of data breaches and said firms have a responsibility to their customers and supply chain to handle data safely and securely.

More than 2,000 cyber crimes were reported by businesses in 2018, according to the City of London Police, which leads national policing for fraud in England, Wales and Northern Ireland.


BITC chief executive Amanda Mackenzie said: “While it's often big companies which hit the headlines as victims of digital crime, when a small business is struck by a cyber attack decades of hard work can be erased in moments.”

“The business owners suffer. The supply chains suffer. Most of all, communities suffer,” she added.

The findings follow a damning government report earlier this month that warned only 16 per cent of boards at FTSE 350 firms have a comprehensive understand of the loss or disruption caused by cyber threats.

Read more: FTSE firms must do more to be cyber aware, government warns

Clare Gardiner, National Cyber Security Centre (NCSC) director of engagement, said: “Cyber security breaches can have a huge impact on businesses, and the NCSC has published a Small Business Guide to offer the best advice possible to potential victims.

“While we appreciate that cyber security might seem daunting, the NCSC is committed to helping organisations protect themselves against the majority of threats.”