Focus Mode
Cyber Security News

Majority of UK SMEs Lack Cybersecurity Policy

Cyware

Summary: A survey reveals that 69% of UK SMEs lack a cybersecurity policy, highlighting significant gaps in employee training and basic cybersecurity measures. The increasing sophistication of cyber threats, particularly those driven by AI, poses a major concern for these businesses.

Threat Actor: Cybercriminals | cybercriminals
Victim: UK SMEs | UK SMEs

Key Point :

  • 43% of SMEs do not train employees on cybersecurity best practices.
  • Only 35% encourage regular password updates among staff.
  • 52% utilize multi-factor authentication for added security.
  • 72% have antivirus software, but only 46% maintain secure Wi-Fi networks.
  • 49% of SMEs lack knowledge on how to respond to a cyber-attack.
  • 62% are concerned about the increasing sophistication of cyber threats.

More than two-thirds (69%) of UK small and medium enterprises (SMEs) lack a cybersecurity policy, according to figures from specialist insurance firm Markel Direct.

The research identified a significant lack of basic cybersecurity measures and hygiene in place across these companies.

This included 43% admitting that their employees are not trained on best practices and potential threats, while just 35% encourage their employees to update passwords.

Additionally, only around half (52%) of SMEs use multi-factor authentication (MFA).

Regarding security tooling and software, 72% of SMEs said they have antivirus/anti-malware software in place, 49% have email filtering for spam and phishing emails, 47% have a firewall and 46% have secure Wi-Fi networks.

Under half of surveyed companies conduct regular data backups (46%) and have data encryption (44%).

More than two-thirds (69%) regularly update system software.

The survey of 500 SMEs also found that half (49%) would not know what to do in the event a cyber-attack.

A similar proportion (53%) do not have cyber insurance in place in case of a breach.

When asked how they secure company data when accessed by employees working from home, 52% of SMEs said they use virtual private network (VPN) access, 48% train their employees on secure remote work practices and 46% have remote access policies and controls in place.

Biggest SME Cybersecurity Concerns

The biggest cybersecurity concern for UK SMEs for the future was the increasing sophistication of cyber threats (62%), fuelled by AI and other emerging technologies.

This was followed by securing remote work environments (23%), ransomware and other forms of malware (22%), emerging technologies and their implications (21%), insufficient budget/resources for cybersecurity (19%) and vulnerabilities associated with third-party vendors and suppliers (19%).

Rob Rees, Divisional Director of Markel Direct, commented: ‘Staying ahead of cyber threats is crucial for small business owners, especially as AI-driven attacks continue to evolve. Having a robust cybersecurity policy in place can help create a framework to safeguard against ongoing threats, whilst cyber insurance can help to protect your business in the event of a targeted attack.”

A survey by JumpCloud in July 2024 found that 49% of SME IT teams believe they lack the resources and staffing to defend their organization against cyber-threats.

Source:
https://www.infosecurity-magazine.com/news/uk-smes-lack-cybersecurity-policy

Tags: EMAIL, PASSWORD, FIREWALL, SPAM, PHISHING, VPN