Employees are behind a widening gap in the cybersecurity of small and medium-sized enterprises (SMEs), a new survey released reveals, “as over three-quarters of SMEs’ C-suite and senior managers admit they have no confidence their teams are operating their own devices securely.”
With 54% of UK SMEs having “experienced some form of cyberattack last year, it’s already well-known that staff are one of the biggest risks to a business’s cybersecurity framework.”
However, the new research – “commissioned by Cowbell, a provider of cyber insurance for SMEs – goes into more depth, highlighting some of the ways that employees are unwittingly causing these risks.”
Employees are not the only contributing factor to risk either, as the C-suite are also lacking cyber awareness: the survey “found over three quarters of those operating at the helm of UK SMEs are unable to confidently identify a cyber incident at work, while a further 50% believe they’re unable to identify the difference between a phishing and real email.”
Other key findings included:
- 77% aren’t confident that their employees’ own devices are operating securely with their business’ systems
- 89% are not checking with employees to ensure their devices are running the most up to date software.
The UK has seen a drastic change in workforce lifestyle over the past three years (as of May 2023, “with 85% of employees currently working from home wanting a hybrid approach).”
Cowbell’s findings show that businesses “are not only unwittingly exposing themselves to risk through lack of awareness of simple protective measures, but are also putting too much onus on their employees to perform safety protocols such as protecting devices, updating software and staying off unsafe networks.”
Consequently, this can leave SMEs with “a significantly heightened exposure to cyber risks,” says Cowbell’s Simon Hughes, VP and General Manager (UK):
“Business leaders have been thrown into an ever-changing and complex landscape with regards to cyber threats, alongside having to navigate new business processes associated with a rapidly transforming world of work. Many have stepped up to keep themselves as robustly protected as possible. However, team-related behaviors and gaps in knowledge highlighted in our research are leaving businesses exposed, showing the need for continual monitoring and action. If employees aren’t regularly made aware of cybersecurity risks, such as public wifi usage, businesses can find themselves wide open at every coffee shop and neighborhood their employees work and visit.”