Almost a third of small businesses in the UK could be putting themselves and their customers at risk because they have not taken any formal steps to protect their systems from cyber security threats, a new report has warned.
Research conducted by Business in the Community found some 30 per cent of small businesses do not have any plan for this, compared with just four per cent of medium-sized firms.
This is not just concerning for the organisations themselves, but it could also potentially endanger any individuals and companies they do business with. The report noted this is particularly worrying from a supply chain perspective, as today's interconnected world means it may often be possible for hackers to gain access to a large enterprise by taking advantage of smaller, less well-protected suppliers.
Indeed, it highlighted incidents such as last year's attack on Ticketmaster, which compromised the details of around 40,000 customers. Upon investigation, it was discovered that while the firm's systems themselves were not breached, one of its suppliers, which operated the website's chatbot, was hacked.
This highlights how firms of all sizes are at risk of cyber attacks. Even if smaller enterprises do not believe themselves to be worth the effort of hacking, the access it could give criminals to their customers can be hugely valuable, and allow them to bypass the much more robust defences of the primary target.
Business in the Community's report stated: "Cyber attacks may not be on the top of your priority list. However, cyber-related incidents are more common than you think. Moreover, small businesses do not always realise they can be the gateway to big businesses’ data loss; a breach in a supply chain or the loss of customers’ data could spell the end for many small businesses."
The research also revealed that even where small and medium-sized enterprises are taking steps, the measures they take are often fairly rudimentary. For instance, more than two-thirds of firms have no measures in place to control who has access to systems and data, while more than one in five described their policies as "informal".