UK SMEs do not have sufficient skills to prevent cyber attacks

cyber scams

Nearly all UK SMEs admit employees lack the necessary skills to carry out security testing

An alarming cyber security skills shortage has been exposed with just one in five companies revealed to have sufficient in-house capability to protect critical assets from attack, a study has found. 96% of those hit by a data breach in the last year report that inadequate security testing was at least somewhat responsible for the issue.

SMEs with between 100 and 250 employees are the most vulnerable, according to research from AVORD – a new security testing platform – which found that only 1% of small companies have the knowledge to fully protect data and assets against cyber attacks. Shockingly 4% of small businesses do not security test their products or infrastructure on a regular basis.

Cyber attacks on the increase

The cybersecurity skills shortage is being blamed for a 93% increase in data breaches seen by businesses of all sizes over the last five years. According to the Financial Conduct Authority (FCA), UK-based financial institutions have witnessed a near fivefold increase in cyber attacks last year compared to 2017, with major attacks on global brands like Uber and Marriott suggesting that the increase is widespread across other sectors.

Impact on businesses of all sizes

The impact of cyber attacks on small businesses can be the fatal: 48% of SME executives in the USA said a data breach would likely shut down their businesses permanently. Similarly, one in three UK SMEs battled a security breach that directly hit their bottom line in 2018, with 81% reporting a loss of customers.

While larger companies may have the financial resources to mitigate against the effects of a cyberattack, the skills gap should be a cause for concern to corporations relying on smaller companies as hackers can identify weak spots in the supply chain to reach valuable data and cause disruption.

Brian Harrison, founder and CEO of AVORD, commented: “Our research suggests that there is a lack of skills across businesses of all sizes, but it is smaller companies who are struggling most without proper expertise to fight against potential cyberthreats, and it’s these businesses who will suffer most as a result of a data breach. According to Radware, the average cyberattacks costs £855,000 which is a cost that many SMEs simply cannot afford. To survive in the digital economy, companies must find a way to effectively protect their critical assets from attack.”