A new survey commissioned by Cowbell, a leading provider of cyber insurance for small and medium-sized enterprises (SMEs), has revealed a concerning lack of cyber education within businesses, putting 3 out of 4 SMEs at risk due to inadequate risk prevention efforts.
The study underscores the pivotal role employees play in the cybersecurity gap facing SMEs. With 54% of UK SMEs reporting cyberattacks in the past year, it is well-established that staff pose one of the most significant risks to a business’s cybersecurity.
However, the latest research delves deeper, shedding light on how employees unwittingly contribute to these risks.
The survey’s key findings highlight a concerning state of cybersecurity preparedness among small and medium-sized enterprises (SMEs) in the UK. Firstly, it underscores a pervasive lack of confidence within SME leadership, with over three-quarters of C-suite and senior managers expressing doubts about their teams’ ability to securely operate their own devices.
Moreover, the study reveals a significant gap in C-suite cyber awareness, as more than 75% of top executives struggle to confidently identify cyber incidents at work, and half are uncertain about differentiating phishing emails from legitimate ones. The data also sheds light on the vulnerability of employee devices, with 77% lacking confidence in their integration with business systems and a striking 89% failing to verify if these devices are running the latest software.
Additionally, a noteworthy 68% of SMEs neglect to educate their employees about the risks associated with using public Wi-Fi for company device access, while a concerning 80% lack policies to enforce software updates on employee devices.
The past three years have witnessed a substantial shift in workforce dynamics, with 85% of employees favouring a hybrid work approach, often including remote work. Cowbell’s survey highlights that SMEs are unintentionally exposing themselves to cyber risks due to a lack of awareness regarding basic protective measures.
Additionally, businesses are placing excessive responsibility on employees to uphold safety protocols, such as device security, software updates, and avoiding unsafe networks.
Cowbell’s VP and General Manager (UK), Simon Hughes, commented on the findings, stating, “Business leaders have been thrown into an ever-changing and complex landscape with regards to cyber threats, alongside having to navigate new business processes associated with a rapidly transforming world of work. Many have stepped up to keep themselves as robustly protected as possible. However, team-related behaviours and gaps in knowledge highlighted in our research are leaving businesses exposed, showing the need for continual monitoring and action. If employees aren’t regularly made aware of cybersecurity risks, such as public wifi usage, businesses can find themselves wide open at every coffee shop and neighbourhood their employees work and visit.”
Alarmingly, the survey also revealed that 75% of businesses do not provide training on identifying cyber incidents. Catherine Aleppo, Cowbell’s UK Sales Director, emphasised the need for increased cyber awareness training, saying, “Business owners must give their staff the tools and education, and ensure they’re continually aware of how to protect devices and digital assets more robustly. By making training readily available, we as an industry are making an important first step to encourage businesses to adopt a cyber-smart culture, but the research shows, there’s still more work to be done.”
