Poor IT risk practices are rife amongst small businesses and start-ups

Nine in ten small businesses and start-ups are vulnerable to cyber attacks, loss of customer and business data and other IT risk which could result in the entire loss of business, according to research published by global job board 

IT riskThe research which was carried out amongst 304 IT and financial auditors during May-June 2016 revealed that data leakage (loss of customer/business data, data access and harm to data) topped the list of greatest IT risks (38%), followed by cyber attacks (21%) and not being compliant to existing regulation (17%).

Many auditors believe that at the heart of this issue, business owners believe that the cost for IT investment is not a top priority compared to other business costs and are not taking responsibility or ownership for IT protection – an ongoing “burying their heads in sand”.  Others believe that lack of understanding about the risks and technical knowledge of protection mechanisms is fuelling the situation.

The research also revealed that nearly half of auditors (47%) believe that most start-ups and small businesses do not   have a disaster recovery plan in place at all with a further 17% saying that those that do will only set this up once and not review again.

Other highlights of the research revealed:

  • 42% IT and financial auditors believe that industry bodies or regulators are NOT doing enough to raise awareness about the different IT risks with a further 32% undecided.
  • 45% of those surveyed feel that the Government should be doing more to help small businesses and start ups.

Recommendations for Government and regulators include:

  • Government to provide grants and interest free loans for start-ups and small businesses to enable companies to have funds for IT security.
  • Make cyber attacks a serious criminal offence and introduce penalties and fines for leaked data.
  • Education, education and education! Provide free seminars and courses for small business owners to raise awareness about risks and what they can be doing better.
  • Provide regular updates on technology options and best practices to keep up with the fast changing environment.

Simon Wright, operations director, adds: “The way we work and interact with IT is constantly developing –  yet,  it is clear from our latest research that many businesses are  leaving themselves hugely exposed by having weak risk management systems and in some cases none in place at all.

“Complacency or holding the view, “it won’t happen to my business” could prove to be extremely foolish as just one cyber attack or data leakage of customer data could have irreversible impact on the business – not just financially but the reputational damage as well.

“It’s time more businesses took greater responsibility to mitigate against IT risk alongside regulators and Government helping with potential educational and training initiatives and providing possible funding assistance for start-ups and small businesses.”

Bobby Lane, a partner at accountancy firm SSH, adds: “Education is key! Most SMEs do not understand the risks to their businesses and how catastrophic a cyberattack could be. It is not just about losing important data or the ability to operate but also the confidence of your customers. They must know the risks, threats and plan appropriately.

“SMEs must not underestimate the real threat facing their businesses today and into the future.”