Data leaks and cyber attacks are something we regularly hear or read about in the news – yet despite this many business owners and financial directors, particularly those managing SMES, think they are immune. Simon Wright, operations director of CareersinAudit.com and CareersinCyberSecurity.co.uk talks about the high risk areas and the bigger call to action for businesses, regulators and government.
A few months back, CareersinAudit.com carried out research amongst more than 300 IT and financial auditors to get their insights based on their experience with both of carrying out IT and cyber audits with businesses.
Data leakage (loss of customer/business data, data access and harm to data) topped the list of greatest IT risks (38%), followed by cyber attacks (21%) and not being compliant to existing regulation (17%). Many auditors confirmed that at the heart of this issue, business owners believe that the cost for IT investment is not a top priority compared to other business costs and are not taking responsibility or ownership for IT protection – an ongoing “burying their heads in sand”. Others believe that lack of understanding about the risks and technical knowledge of protection mechanisms is fuelling the situation.
Watch now: In an exclusive interview with Financial Director, Andrew Bonfield, CFO of the National Grid and Chair of the 100 Group, discusses cyber security.
The research also revealed that nearly half of auditors (47%) believe that most start-ups and small businesses do not have a disaster recovery plan in place, with a further 17% saying that those that do will only set this up once and not review again.
Other highlights of the research revealed:
- 42% IT and financial auditors believe that industry bodies or regulators are not doing enough to raise awareness about the different IT risks, with a further 32% undecided.
- 45% of those surveyed feel that the government should be doing more to help small businesses and start-ups.
The bigger call to action
Data leaks and cyber attacks aren’t going to suddenly stop. However, rather than take a post-apocalyptic view on cyber attacks or data leaks, why not get to the core of the issues and mitigate the risk? Let’s see government providing grants and interest free loans, particularly for start-ups and small businesses to enable companies to have funds for IT security. Let’s see better educational campaigns about the huge risks since most SMEs do not understand the risks to their businesses and how catastrophic a cyberattack could be. It is not just about losing important data or the ability to operate but also the confidence of your customers. They must know the risks and threats so they can plan appropriately.
The way we work and interact with IT is constantly developing – yet, it is clear from our research that many businesses are leaving themselves hugely exposed by having weak risk management systems and, in some cases, none in place at all. Complacency or holding the view that “it won’t happen to my business” could prove to be extremely foolish as just one cyber attack or data leakage of customer data could have irreversible impact on the business – not just financially but the reputational damage as well. It’s time more businesses took greater responsibility to mitigate against IT risk alongside regulators and government helping with potential educational and training initiatives and providing possible funding assistance for start-ups and small businesses. Businesses should not underestimate the real threat facing their businesses today and into the future.