Small businesses behind on cybersecurity says report
A survey of small business owners has revealed that almost half spend less than 5% of their budget on IT security, despite saying 98% of them saying it is a high priority.
This is one of the findings from the Small Business Cyber Security Survey 2012 Report, run by Lancaster University’s Security Lancaster in partnership with the ICT KTN.
Security Lancaster is one of only eight in the UK to be recognised by government and awarded Academic Cyber Security Centre of Excellence Status. It brings together Lancaster University's research in cyber security, security futures, violence and society and investigative expertise.
Other findings from the report include:
• 98% of respondents cite IT/Cyber security as a high business priority for them but only 43% actually those businesses have an actual IT security policy in place.
• Only 59% of all respondents outsourcing services have any form of IT policy protection.
• 55% of respondents were unaware of IT compliance requests from their clients and 66% unaware of requests from their suppliers or partners.
• The top four drivers for IT expenditure in the respondents are; protecting customer data (34%), complying with laws and regulations (15%), business continuity (11%) and preventing system downtime and outages (11%).
Dr Daniel Prince, Associate Director of Security Lancaster, said: “Despite the worrying findings we believe that the cyber security should not be considered a burden, but rather an opportunity and an effective component of business strategy. What the report highlights is that small and micro businesses have trouble understanding how to maximise these opportunities and their security capital expenditure. Given the economic wealth that these companies bring to the UK there is a clear market failure in the support that they receive in order to develop business opportunities and protect their business operations. Security Lancaster can help mediate this failure by providing access to its cutting edge cyber security research work for companies.”
More details of the report and the data set used to produce it can be found at: http://www.security-centre.lancs.ac.uk/sbcss2012