30% of Small Businesses Have no Cybersecurity Strategies

by Robert Best on November 1, 2019

Almost a third of small businesses in the UK don't have any cybersecurity plan in place. That is according to new research from Business in the Community. That wasn't the only surprising takeaway from the report.

We have put together a quick rundown of the more interesting numbers and what they might mean for your business.

The report contained quite a few surprising statistics considering how much coverage cybersecurity has been getting in recent years.

Lack of data protection policies

For example, only 35 per cent of SMBs have a basic data protection policy, and even fewer (23 per cent) have a policy for controlling access to their systems. That is really surprising a year after GDPR came into force. Aside from the penalties that can come with a GDPR breach, data is too important to any business not to look after it correctly.

As few as 21 per cent of small businesses and 23 per cent of medium-sized businesses have an informal policy in place to deal with cyber risks. Sadly, the risk of cyber attack is too high not to have a detailed plan for your business. Every 14 seconds a business will fall victim to a ransomware attack, so it is going to happen to your business.

Not doing risk assessments

Only 15 per cent of small businesses have an updated cyber risk assessment document. The risk of cyber attack is just too high now so you need to understand what in the business is increasing that risk. Even following a simple cyber risk assessment will help you to understand where your business is vulnerable.

The report also looked at the reason why a business does not offer cybersecurity training to its employees. 34 per cent of small businesses think it's not necessary to train their staff, outside of their IT department (if they have one).

No matter who is looking after your cybersecurity, whether it's internal or outsourced, educating your staff about cybersecurity is vital. 88 per cent of UK data breaches are caused by human error. That number is staggeringly high. In effect, we are making it easy for cybercriminals, and if you do not educate your staff that number will stay that high.

27 per cent of small businesses had no particular reason why their business has not invested in employee training. Even a modest investment in security training has a 72 per cent chance of reducing the impact of a cyber attack.

Not a budget issue

The worst part of these kinds of stats is that it doesn't even appear budget is an issue. On average only 8 per cent of SMBs thought cybersecurity training cost too much. So for over 90 per cent of SMBs, no budgetary issues are stopping them from training their staff.

I'm sure that if business owners were aware of stats like these, there would be a different opinion towards cybersecurity. That is why we are running a cybersecurity event that is designed specifically for business leaders. We aim to tell them exactly what they are responsible for when it comes to cybersecurity.

Seeing statistics like this in the current climate of cyber attacks is always surprising. Hopefully, they can be used to drive more businesses to think further about their cybersecurity. Whether it is managed by an internal team or outsourced, a business owner should still be aware of the risks.
