Lack of Cyber Education Leaves Businesses Exposed, with Inadequate Risk Prevention Efforts Making 3 in 4 SMEs a Target

Posted on 27th September 2023

Employees identified as key contributors to substantial cybersecurity gap in SMEs, new survey shows
3 in 4 businesses don’t provide training on identifying cyber incidents, highlighting urgent need for education and expert guidance
Cyberattacks finding a foothold in the new era of remote work and SMEs are dangerously under-prepared

Employees are behind a widening gap in the cybersecurity of small and medium-sized enterprises (SMEs) a new survey* released today reveals, as over three-quarters of SMEs’ C-suite and senior managers admit they have no confidence their teams are operating their own devices securely.

With 54% of UK SMEs having experienced some form of cyberattack last year, it’s already well-known that staff are one of the biggest risks to a business’s cybersecurity framework. However, the new research – commissioned by Cowbell, a leading provider of cyber insurance for SMEs – goes into more depth, highlighting some of the ways that employees are unwittingly causing these risks.

Employees are not the only contributing factor to risk either, as the C-suite are also lacking cyber awareness: the survey found over three quarters of those operating at the helm of UK SMEs are unable to confidently identify a cyber incident at work, while a further 50% believe they’re unable to identify the difference between a phishing and real email.

Other key findings included:

77% aren’t confident that their employees’ own devices are operating securely with their business’ systems
89% are not checking with employees to ensure their devices are running the most up to date software.
68% are not actively making their employees aware of the risks of using public wifis to access company devices
80% of businesses do not have a policy in place to push software updates

The UK has seen a drastic change in workforce lifestyle over the past three years (as of May 2023, with 85% of employees currently working from home wanting a hybrid approach). Cowbell’s findings show that businesses are not only unwittingly exposing themselves to risk through lack of awareness of simple protective measures, but are also putting too much onus on their employees to perform safety protocols such as protecting devices, updating software and staying off unsafe networks.

Consequently, this can leave SMEs with a significantly heightened exposure to cyber risks, says Cowbell’s Simon Hughes, VP and General Manager (UK): “Business leaders have been thrown into an ever-changing and complex landscape with regards to cyber threats, alongside having to navigate new business processes associated with a rapidly transforming world of work. Many have stepped up to keep themselves as robustly protected as possible. However, team-related behaviours and gaps in knowledge highlighted in our research are leaving businesses exposed, showing the need for continual monitoring and action. If employees aren’t regularly made aware of cybersecurity risks, such as public wifi usage, businesses can find themselves wide open at every coffee shop and neighbourhood their employees work and visit.”

Cowbell’s survey also revealed 3 in 4 businesses don’t provide training on identifying cyber incidents. Catherine Aleppo, Cowbell’s UK Sales Director, says: “With reliance being increasingly placed on employees, there needs to be more focus on cyber awareness training. Business owners must give their staff the tools and education, and ensure they’re continually aware of how to protect devices and digital assets more robustly. By making training readily available, we as an industry are making an important first step to encourage businesses to adopt a cyber-smart culture, but the research shows, there’s still more work to be done.”