71% of Businesses Do Not Have a Plan to Deal with Potential Cyber-Attacks

  • Over the last year, SMEs decreased their IT security by an average of $4.9m!
  • 32% of businesses see ‘no reason to invest so much in IT security’
  • Even though there has been a drop in security investments, 66% of SMEs say it is worth making ‘huge’ investments in cybersecurity practices
  • 31% of SMEs believe that they are not at risk themselves and its bigger businesses who are
  • 71% of businesses do NOT have a formal plan/protocols in place to deal with any potential cyber-attacks
Image by kalhh from Pixabay

The Office of National Statistics recently cited a 12% increase in fraud and computer misuse.

Cyber-attacks can be particularly damaging to small and medium-sized enterprises. But despite this news, a recent Kaspersky report shows there has been a lack of investment in IT security.

Why has the amount of money into cybersecurity decreased over the last year? Specopssoft.com  sought to find out by surveying 1,600 SME owners.

Kaspersky Report Data

According to Kaspersky, the top 10 reasons why SMEs have decreased on their investment in cybersecurity include:


Having found this information out; Specopssoft.com wanted to dive a deeper and asked 1,600 SME owners the following questions:

Specopssoft.com’s survey showed that 31% of SME owners believe that bigger businesses are more at risk to threats than smaller ones. This is a myth. Every enterprise, business and big company is equally at risk of a cyber-attack, and as of 2017 roughly 48% of businesses were targeted at least once. *

However, the good news is, even though SME owners may believe that they are unlikely to be targeted, they think they are prepared for any potential attacks with 42% of the participants saying so. However, every year the fraud and computer misuse and cybercrime data is on the rise, with a 12% increase over the previous year as of March 2020.*

On the other hand, even though participants believed they were prepared – 71% said they do not have a formal plan that has been put forward by their company – or none that they were aware of.

Looking at the data it seems that SME owners, with the underlying belief that they will not be targeted, do not see the value in putting money into the practise with only 69% having considered hiring a security officer/specialist. Previous studies have shown that the more engaged you are as an SME and the more time you spend on the internet, the more you should be thinking about monitoring your cybersecurity.

With 66% of SME owners saying that it is worth making ‘huge’ investments in security, the evidence is blatantly clear – SMEs have the intentions to put money into security, however they are not putting this to practice as the Kaspersky report shows that there has been a $4.9m drop in IT security budgets since 2019.

The biggest fear that SME owners have of suffering cybercrime is reputational damage, receiving 29% of the vote.

The second biggest fear among owners is the direct impact of the crime itself, with 24% of the vote.

Third is the potential financial loss, with 20% of the vote.

To combat these fears and prevent cyber-attacks, cyber security expert Darren James, recommends the following: “All companies, regardless of size, need to protect sensitive data. The ones that are most at risk are the ones that don’t prioritize cyber security. Passwords are a weak link that can be addressed by using multi-factor authentication when possible, and securing passwords when MFA is not available. The best way to secure passwords is to prevent employees from choosing weak and leaked passwords.”

Please see the full blog post here for more information: https://specopssoft.com/blog/survey-why-smes-decreasing-investment-in-cyber-security/

Methodology: This information was sought in response to Kaspersky’s IT Security Calculator Report in 2020. Specopssoft.com surveyed a total of 1,600 SMEs and SMBs across 9 countries in September 2020. Respondents were asked questions about their attitudes towards IT security towards SMEs and SMBs, with general questions covering the importance and preparations. Please see the attached data set to see full questions asked.

*Supporting information was acquired from www.ons.gov.uk.