IT staff believe their own companies are keeping cyber attacks secret

Almost one in four IT decision makers in small and medium-sized businesses (SMBs) across the UK believe successful cyber attacks are being covered-up by their own companies - a problem given under GDPR they should be reported.

Trust is even worse in companies numbering between 50 and 99 employees in particular, as just over half of IT leaders, 51%, feel their companies have kept secret at least one successful cyber attack in the last 12 months.

According to research commissioned by Appstractor Corporation, SMBs in the UK on average faced at least five cyber threats in the last year, with 19% of companies facing as many as ten attacks. This was as many as 20 for 2% of firms, while every respondent said their firm faced at least one cyber attack during this period.

Titled 'Under attack: Assessing the struggling of UK SBMs against cyber criminals', the report - comprising a survey of 500 IT decision-makers - also shone light on the anxieties SMBs suffer, and their preparedness versus large businesses.

Fewer than half of IT bosses, feel their cyber security software has managed to keep up with the complexities of the threats they face - with a third of believing this puts their firms at a higher risk than big business counterparts.

"While big corporations grab many of the cyber security headlines and pop up in UK cyber security statistics frequently, it is actually SMBs which are a prime target for criminals who are able to deploy easily available tools and software to automatically mass target thousands of small companies at once, with as much effort as it would take to target a single small business," said Appstractor's Raizy Zelcer.

"SMBs also suffer from the fact that many are operated by only a few people and most don't have the cash or resources to fund a full time IT department, so cannot completely protect themselves.

"Even when they try, employees often crop up as a serious threat in their own right as the education around cyber security and online encryption is worryingly limited among UK workers."

With employees themselves pinpointed as the number one weakness in SMBS' cyber security outlays, those questioned generally agreed that flexible and remote working has led to a heightened cyber threat - 49% versus 14% (while 22% were unsure and 15% did not offer such arrangements).

Meanwhile with the European Union's General Data Protection Regulation (GDPR) recently in force, expectations are high for companies to bolster their cyber security policies and practices to protect themselves against breaches.

But the report found an overwhelming 75% of SMBs have admitted to not upgrading their cyber security policies - with a third of these companies believing their policies are "robust enough" to deal with any cyber threats they may face.

"This research has revealed a staggering lack of preparedness amongst SMBs, many of whom are either still in the process of reviewing their security policies in line with GDPR, or are yet to even start the process," the report concluded.

"Businesses are more data dependent than they have ever been, and small businesses in particular need to be aware of the risks and threats they face from criminals looking to take advantage of weak cyber security."

Keumars Afifi-Sabet

Keumars Afifi-Sabet is a writer and editor that specialises in public sector, cyber security, and cloud computing. He first joined ITPro as a staff writer in April 2018 and eventually became its Features Editor. Although a regular contributor to other tech sites in the past, these days you will find Keumars on LiveScience, where he runs its Technology section.