New research by Sophos on the different cyber risk profiles of UK SMBs


Sophos has published new research into UK SMBs, revealing how IT security vulnerabilities can change as companies grow or become more established – and what this means for their protection. A report of the research findings, Securing Growth, is available.

The top findings include: 

  • Almost half (45%) of business and technology decision makers in UK SMBs view the prospect of a cyberattack or malware infection as their biggest concern, ahead of staffing issues (40%), keeping up with legislation (37%) and even cashflow problems (32%)
  • 31% of companies trading for more than 16 years are not fully aware of the specific cloud services used by their company, and the same proportion, 31%, do not know which public file sharing applications employees are using to share information externally. This drops to 13% and 9% respectively for companies trading for one to five years
  • 22% of the organizations that use a contractor for IT and security support (37% overall) don’t routinely inform them when new services, such as cloud applications, or devices are introduced, rising to 38% among the smallest firms. This means that companies could find themselves under-protected as the people implementing their security don’t know there are new things to secure
  • Three quarters (73%) overall have installed business-grade security software, but 62% have also introduced consumer-grade security software, rising to 73% among the youngest firms, despite the fact that such products are not designed to meet the security needs of organizations. One in ten (11%) of the older firms surveyed have no plans to introduce any business-grade security software
  • 59% of the youngest firms allow all employees to connect their personal devices to the corporate network, and 44% allow all contractors and third parties to connect to their network, compared to just 33% and 6% respectively for businesses operating for 16 years or more

“Our research findings challenge a few widely held assumptions often made about SMB businesses and their attitudes towards cybersecurity. It is inaccurate to say that smaller businesses are not as concerned about cyberthreats as their larger counterparts, or that an organization’s cyber risk profile can be defined simply by its number of employees. In fact, our research suggests that the biggest risk differentiator is years of operation, and that smaller firms do worry about cyberthreats – it’s just that this doesn’t always translate into secure behaviour. Organizations, whatever their size, age or sector, need advanced security solutions that can adapt and evolve along with the business,” - Adam Bradley, Regional Vice President UKI & Nordics, Sophos

Advice for SMBs

IT security professionals and contractors tasked with implementing security best practice in growing companies should bear in mind the following best practice guidelines and ensure that they are accompanied by an ongoing program of employee security awareness training and support:

  • Check that you have a full inventory of all devices connected to your network and that any security software you use on them is up to date
  • Always install the latest security updates, as soon as they are released, on all the devices and servers on your network
  • Have different levels of data access rights for different employees
  • Keep regular backups of your most important and current data on an offline storage device as this is the best way to avoid having to pay a ransom when affected by ransomware
  • Administrators should enable multi-factor authentication on any security dashboards or control panels used internally, to prevent attackers disabling security products during an attack
  • Remember, there is no single silver bullet for security, and a layered, defence-in-depth security model is essential

The survey was conducted by Sapio Research among 407 business decision-makers (224 of whom have IT decision-making responsibilities) in UK organisations of 10-100 employees in October 2019.
