SMBs would rather risk customer data than jeopardize growth

Representational image depecting cybersecurity protection
(Image credit: Shutterstock)

Many small and medium-sized businesses in the UK would rather risk customer data than their own growth, despite a cybersecurity incident posing a significant threat.

In a new report from cybersecurity specialists, cost, as well as confirmation bias, were found to play a major role in the cybersecurity decision-making process.

According to the report, almost a quarter (24%) of SMBs spend nothing on cybersecurity, with an additional quarter spending less than $1,300 a year. 

The main reason why they decide not to prioritize investment in cybersecurity defenses is confirmation bias - a third (34%) believe they’re too small to be targeted, and an additional fifth (19%) believe their business data isn’t an interesting target for criminals. 

The second key reason is cost - for 25% of small businesses, it’s simply too expensive to set up a strong cybersecurity solution.

Pandemic a poor motivator

Even the pandemic, during which the number of businesses falling foul of a data breach grew exponentially, did not prove the case for investment, for many SMBs. More than a third (35%) believe the pandemic increased their exposure to risk in the cyber-realm, yet 40% were not prompted by it, to invest further.

The pandemic has forced businesses to decentralize the workforce and send their employees to work from home. Many of those employees were thrown into a remote-working environment for the first time, struggling to find their way around. Cybercriminals took advantage of the fact, targeting dazed and confused remote workers with unprecedented effort. 

In fact, a recent Canalys report stated that there had been more files hacked in 2020 than the previous 15 years combined.

The pandemic drove many firms out of business, while others only ensured their survival by implementing stringent measures, which usually involved curtailing the cybersecurity budget, the report said. This exposed businesses to attacks by organized threat actors as well as opportunistic hackers.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.