With the cost of living crisis and energy bills increasing, SMEs will be looking to cut budgets. However, cybersecurity has to remain a priority, Rob Batters, Director of Managed and Technical Services, Northdoor plc provides SMEToday readers with his thoughts
There are real financial pressures on many SMEs now. The cost of living crisis, energy bills, and the continuing impact of the pandemic are all piling pressure on small and medium-sized businesses across the UK.
Undoubtedly, and understandably, businesses will look for ways to cut costs and budgets over the coming weeks and months. Identifying those areas to cut back on will be a difficult task. However, there should be parts of the business which need continuing support. One of these is cybersecurity.
The cost of cybercrime is increasing
The recent Cost of a Data Breach report showed that the average cost of a data breach is now $4.35 million. This is a constantly growing cost, but of course, for SMEs, it is not just the financial implication of a breach that they must consider.
Another report found that 27 percent of SME owners identified that cybercrime as the biggest threat to their business in 2022. This is because the threat is so much more significant than just financial.
A successful breach can mean that an SME cannot conduct day-to-day business for some time, at least until the vulnerability is closed, data retrieved, and a thorough investigation has taken place to ensure that the cybercriminal is removed from the system.
No matter the sector, any breach now means that an SME is also likely to be investigated by a regulatory body. The introduction, with much fanfare, of GDPR in May 2018 indicated that suddenly the data that all companies held was very much in the spotlight. The public now not only understands how much of their data companies have but also the value of that data and the potential impact on them if it falls into the wrong hands.
Indeed, such is the recognition of the value of data that the damage to the reputation of an SME if they do suffer a data breach is considerable. It can take a very long time to recover from a cyberattack and regain the public’s trust.
Reduction of budgets cannot include cyber defence
With the economy looking like it might be moving towards a recession, SMEs will be under pressure to find cost savings within the business.
Unless there is an immediate threat or a recent breach, cybersecurity can sometimes be an area where SMEs look to cut investment or not make the necessary continuing commitment to updating or managing the software.
However, this is a false economy. Any money saved by not implementing or updating security solutions can be lost if cybercriminals breach weakened defences or through an unidentified vulnerability. With criminals looking increasingly at SMEs as potentially an easier target than enterprise-level organisations, they must ensure that defences are fully up to date.
Perhaps one of the factors that has led cybercriminals to target SMEs is a belief, which resides within the SME community itself, that companies of that size cannot afford the latest solutions.
SMEs gaining access to enterprise-level cybersecurity solutions
This underlying belief that SMEs cannot keep up with the increasing sophistication of cyberattacks because they cannot afford the necessary cybersecurity solutions is a worrying one. However, frankly, it is no longer true, and SMEs can get access to the latest software that, up until relatively recently, remained exclusively in the realm of enterprise-level organisations.
Working with independent IT consultancies, SMEs can implement the latest cybersecurity products, including AI-powered technology that protects them against the latest and ever-changing cyber threats.
IT consultancies can also provide managed services. This can give SMEs peace of mind that a team of experts constantly focuses on emerging threats and the best solutions to keep them out. It also frees the internal team to focus on other business-critical IT issues.
Threat from cybercriminals is increasing, but IT consultancies allow for ‘reasonable’ measures
The nature of the threat facing SMEs is vast, as are the different tactics used by criminals to gain access. It is, therefore, impossible for smaller firms to keep up. The role that IT consultancies can play means that ‘reasonable’ measures can be introduced that cover a host of potential threats from multiple sources cost-effectively.
Cybercriminals will only be upping their efforts to gain access to data from SMEs, identifying them as potentially weak and unprepared. These attacks are sophisticated and are in multiple forms, from various entry points, and as we have seen, the impact on an SME being hacked can be disastrous.
With limited and reduced budgets, SMEs must find a way to avoid this threat. They certainly cannot afford to cut cybersecurity out of their budgets. This essentially plays directly into the hands of cybercriminals, and a breach will quickly undo any cost savings achieved by doing nothing.
Turning to IT consultancies gives SMEs access to not only enterprise-level solutions but also a team of experts that have an eye on emerging threats and their vulnerabilities. The resulting damage of a breach is now so extensive in terms of financial, regulatory, and reputational impact SMEs can no longer presume that they are immune to attack.