EIU says small firms blind to technology risks

Blindfolded business people
What's out there?

Small and midsized businesses are failing to recognise that emerging technologies can carry new security risks, according to a report produced by the Economist Intelligence Unit (EIU) and commissioned by Zurich Insurance.

Titled, An Expanding network of risk and opportunity: How UK SMEs are under-estimating the growing complexity of technology, the report makes use of a survey of 549 UK small business owners and directors carried out in November last year.

Just over half (53%) of SMBs have adopted cloud computing services in Europe. However, just 17% of those surveyed recognised that failure of cloud services was a 'major threat' to their business.

Mobile and social media, two areas of growing adoption among SMBs, pose similar risks, the report says. Just 8% of respondents identified mobile use within the workforce, including 'bring your own device' trends, as presenting a risk of IT exposure.

Meanwhile, 40% of respondents said that they do not believe use of social media presents a risk of reputational disaster to the business.

Data risk

The report highlightes data protection, cyber attacks and electronic fraud as three further key areas of concern for SMBs. It says that between 16% and 25% of respondents, equivalent to up to 1.2 million businesses, failed to recognise them as a threat to business.

Human error is still the most likely risk to data security, but only 46% of respondents said they had given staff security training, while just 28% had reviewed security policies.

The chance of SMBs being hit by cyber attacks is of particular concern due to small businesses not considering themselves to be of sufficient interest to cyber criminals. This is despite the fact that anti-virus company Symantec estimates that 36% of all attacks are targeted at SMBs.

For SMBs, suffering a data breach can attract crippling fines from the Information Commissioner's Office (ICO), which has the power to award a penalty of up to £500,000. For this reason, the ICO published an IT security guide for SMEs last year.

Richard Colman, Director of SME at Zurich, said insurance companies will become increasingly important to SMBs in the face of cyber attacks.

"Over the past decade the realm of cyber risk has expanded and become increasingly complex," he said. "Over the next decade, the insurance industry can play a critical role within the greater business community in helping SMBs understand, monitor and protect against the new risks emerging in the cyber landscape."

The report comes a week after the Department for Business, Innovation and Skills published a similar study highlighting the vulnerability of SMBs to internet threats.