Octree Observer

UK SMEs not educating staff on the risks of cyber-security

  • CFC Underwriting finds that 38 percent of its claims in 2016 could have been avoided if better education and training processes were in place.

    Once again, I really wanted to share this article from Roi Perez, Community Manager at SC Magazine, highlighting the increasing need for security awareness training within businesses, to reduce the threat of email and web borne malware (primarily ransomware).

    New research from specialist cyber-insurance provider CFC Underwriting reveals that over a quarter of UK-based SMEs (27 percent) are still failing to educate and train their staff on the threat of a cyber-attack.

    Phishing scams caused 38 percent of CFC's claims in 2016, meaning that they could arguably have been avoided if staff were trained properly.

    Over a quarter of SMEs (26 percent) say that they do not train and educate their staff on the threat of cyber-security because they are “not sure where to start”. This could be the result of not understanding their cyber-risk profile, with 20 percent of SMEs never assessing the business exposure to cyber-risk.

    CFC saw a 78 percent rise in cyber claims from 2015 to 2016, with 90 percent of claims by volume coming from businesses with less than £50 million in revenue, highlighting just how vulnerable SMEs are to relatively unsophisticated cyber-attacks.

    When SMEs were asked what poses the biggest threat to their business, cyber-crime came in second, topped only by Brexit. Nearly a third (31 percent) of IT companies report cyber-crime to be the main threat, followed by 25 percent in the manufacturing sector. By comparison, just eight percent overall are concerned about traditional crime. Despite these worries, 80 percent of SMEs still do not buy cyber-insurance.

    At CFC's recent Cyber Symposium, Inga Beale, CEO of Lloyd's, said: “It's one of the most high-profile risks businesses are facing at the moment and yet CEOs seem to be in denial about its impacts and their ability to deal with it. Businesses are either not looking for solutions, or if they are, they don't know where to find them or understand the value of them. Insurers need to explain the benefits cyber-insurance can bring.”

    Graeme Newman, chief innovation officer at CFC commented: “It's concerning to see that more than half (56 percent) of SMEs do not have an incident response plan in place that outlines roles and responsibilities in the event of a cyber-attack.

    “SMEs must take a two-pronged approach to guarding against an attack, implementing good security and risk management practices along with a strong cyber-insurance policy. For SMEs that are time poor and cash strapped, cyber-insurance policies exist not only to pay for financial losses should their systems be compromised, but also to help them handle and resolve incidents quickly and effectively. Although only nine percent are worried about regulatory fines as a result of a cyber-attack, we can expect to see this shoot up the agenda when GDPR hits in 2018.”

    Octree partners with Cybsafe, a leading provider of scientifically developed security awareness training programs. For as little as £30.00 per user per annum you can get access to one of the most innovative SAT solutions available today. Call Octree now to find out how to improve your chances of surviving these clear and present threats.

Comments (0)

Leave a comment

Octree Cyber Essentials
Cyber security – don’t know where to start?
Talk to Octree, specialists in helping SMEs achieve Cyber Essentials status.
GDPR Survey

Recent Posts

Blog Categories

Blog Archive