Small Businesses and Cybersecurity: The Risks in Data

Cybersecurity experts are warning that small businesses are at growing risk of cyberattacks, as they are increasingly being seen as low-hanging fruit by attackers. We look at the data on UK small businesses from research by Duo Security to find out the unique issues impacting such organisations


Many Small Businesses Don’t Consider Themselves Targets 

Cost is a significant barrier to effective cybersecurity

Small businesses think free cybersecurity tools will help them

Small Businesses Report Lower Rates of Cyberattacks

Many Small Businesses Don’t Consider Themselves Targets of Cyberattacks

Despite growing warnings of the risk hackers pose to small businesses, many simply do not believe that they are a target. Almost half of the businesses surveyed said they generally didn’t think their organisation was a target, only 18% strongly felt that their business was at risk.

“As a small business, I don’t think that my business is a target for cyber hackers”

For many businesses, cost is a major barrier to effective cybersecurity

Even when small businesses recognise that they are at risk, that doesn’t mean that they have the resources to adequately protect themselves. Duo Security’s research found that a third of the businesses surveyed were below what they’ve dubbed the “security poverty line”: the point below which a company is unable to adequately protect itself from a cybersecurity threat.

A third of small businesses have no budget at all for cybersecurity protection, while a further third spend just 1 to 2% of their budget on cybersecurity efforts.

Approximately what percentage of your business’ annual budget for the current financial year is/will be spent on investment in cybersecurity?

In addition, many businesses regard cybersecurity services to simply be too expensive to use, which may go some way to explaining why they are budgeting so little to protect themselves from attacks.

“Overall cybersecurity is too expensive for small businesses like ours”

Small businesses think free cybersecurity tools will help them

Given the financial issues that many small businesses face in tackling cybersecurity, what can be done to help them? Duo Security asked small businesses to rank three solutions to the issue in order of priority: government-run subsidies, free cybersecurity products and free cybersecurity training. Businesses showed a significant preference for free products.

However, given that humans remain one of the biggest risk factors for cybersecurity incidents, it is not clear if this would actually produce the desired security improvements.

Small businesses initiatives ranked by priority

Small Businesses Report Lower Rates of Cyberattacks

Despite the concerns, however, when it comes to cyberattacks, small business report a lower overall incidence than businesses as a whole. Only 5% of respondents reported an incident in the last 12 months, compared to 46% of all UK businesses in 2016, according to the UK government’s Cyber Security Breaches Survey.

However, while the number is low, it may indicate a lack of awareness about incidents, not necessarily a lack of incidents themselves.

Has your business experienced a cyber breach in the last 12 months?

Data from a survey of 1009 small business decision makers conducted by YouGov on behalf of Duo Security between 19th and 26th September 2017

Share this article