Monday, 24 June 2013

SMBs spending measly £200 a year on cyber defences

Cash
Small to medium sized businesses are spending as little as £200 a year on their cyber security budgets, leaving themselves wide open to attacks from hackers, the UK Home Office has revealed.
The Home Office said SMEs are drastically under investing in IT security in its Crime against businesses: Detailed findings from the 2012 Commercial Victimisation Survey, revealing that many companies with fewer than 20 employees are spending as little as £200 per year. "Of those business premises that had computers, the average (median) amount spent on IT security over the previous 12 months was £200," reads the report.
The report revealed that a firm's average IT spend increased in line with its size, with companies with 50 to 100 employees spending roughly £4,000 per year on IT security and firms with 100-plus employees around £10,000.
Interestingly, the disparity in investment in physical and IT security investment also grew in line with the company's size, with medium sized 50 to 100 employee businesses spending £6,000 on physical security and larger 100-plus sized firms spending a massive £25,000. By comparison, small companies with fewer than 20 employees generally spent £1,000 on physical security per year.
The Home Office findings follow widespread warnings from the security industry suggesting UK businesses are not taking the cyber threat facing them seriously enough. Director of strategy at FireHost, Daniel Beazer, told V3 the issue is largely down to a lack of awareness about cyber threats.
Beazer added as well as a lack of awareness, those that are knowledgeable about the threat's ability to respond is being hampered by archaic legislation. "It's no surprise that small companies spend so little defending their IT estate. Sometimes it's ignorance or that the owners simply have more important battles elsewhere," he said.
"The regulatory regime in the UK imposes penalties that are so low it's often cheaper to pay the fine rather than put in proper defences, which doesn't help. Finally the security industry is a problem. Most security products are difficult to understand, difficult to put in place, and very expensive for what little they do."
Prior to the report the Home Office announced plans to launch a new cyber awareness campaign, designed to educate businesses and citizens about rising hacker threats to help solve the problem.

No comments:

Post a Comment