Research finds just 9% of SMEs teach staff about IT security risks

IT Security continues to be a key issue hitting the headlines for SME’s.  The ITCS team saw new research released today, which worryingly found that only 9% of SMEs offer training or send emails to educate staff about  IT security risks.

Politecnico di Milano School of Management ran a Cyber Crime Observatory which analysed the information security systems and expenditure breakdown of 803 SMEs operating last year.  As well as the shockingly low level of awareness in SME’s. large firms were not much better, they found only about a quarter of the largest firms were educating staff on IT security.

This means that the majority of staff are unaware of the vital role they play in IT security – leaving most companies exposed to the increasing risks.

Alessandro Piva, director of the research observatory said: 

“Cybercrime has grown dramatically over the past months, alongside a continued rise in ransomware, where hackers demand payment of a ransom to release data, and attacks on products linked to the Internet of Things.

“The need for a long-term approach to how information and privacy are managed and the organisation’s data is kept confidential should be a top concern of a company’s upper management.

“It seems that smaller organisations don’t anticipate that they will be targeted as victims of cybercrime in the same way as, say, Yahoo in 2013, where a hack left over one billion users’ information publicly available. Yet without a contingency plan or any preventative measures, these companies are leaving themselves wide-open for potentially devastating cyber-attacks.”

So why are businesses being so complacent?  Brian Stokes, Managing Director of ITCS explains:

 “Actually I don’t believe UK businesses are as complacent as they were 12 months ago, because the new GDPR rules due to come into force next May are giving many businesses a wake-up call. However, the wake up call is bringing risks too.

We’ve seen new GDPR ‘experts’ pop up charging businesses huge fees to get them ‘GDPR ready’, when often the measures needed to reach compliance are quite simple.  

“We are offering any business a free IT Security audit and data health check.  It’s our way of giving something back to the South Wales business community we are proud to be part of. Security and compliance have always been priorities for the ITCS team and our Compliance Team will continue to support businesses ahead of the planned changes and beyond.”

If you have any questions about IT Security or GDPR, call 08456 444 200 and ask for our Security Team.

WebResearch finds just 9% of SMEs teach staff about IT security risks