The National Cyber Security Centre (NCSC), a department of GCHQ Cheltenham, estimates that if you are an SME then you have around a 1 in 2 chance of experiencing a cyber security breach. For the small business this could result in costs of around £1400; for the medium business, considerably more. One has just been hit for around £30000, which I am sure you will agree can be extremely damaging to the bottom line of businesses operating under tight margins. And of course, it’s not just financial penalties but the reputational damage should your customers’ data and assets be affected as well.
Okay, in a conversation I was having last week about the new EU and UK data protection regulations and legislation, someone said to me: “What on earth do they [DPA 2018 & GDPR] mean when they say you have to take a Risk Based Approach to ensuring data protection?”
It’s an interesting question and one that has been endlessly debated over the years. Is an SME worth the effort of a Cyber attack? It’s difficult to assess just how many Cyber attacks are aimed at SMEs in the UK annually. Some studies suggest that they have increased tremendously in recent years. Most large organisations have the capability, though not always the will, it has to be said, to determine just how many attacks they sustain, how many were successful and what the loss has been, quantified in financial terms. SMEs do not.
As H2 IRM moves into its 3rd year of doing business, it has become increasingly obvious that many SMEs are still nervous of devoting any resource or budget to Cyber Security in any meaningful way. An attitude of 'we'll cross that bridge when we come to it' prevails with regard to both Cyber Security and Data Protection, two obviously interwoven subjects. Of course, when that bridge needs to be crossed, it's generally too late.