Skip to main content

Lack of SME cyber security knowledge presents opportunities for IT contractors

Paystream News


Friday 23rd Sep, 2016

Limited company contractors with cyber security skills could find their services in higher demand as a new report reveals a concerning lack of digital protection among small and medium-sized enterprises (SMEs) in the UK.

Analysis carried out by Juniper Research shows that 50 per cent of small businesses have been the victim of a cyber breach in the past, although 86 per cent believe they are taking adequate steps to reduce their firms' vulnerability.

However, when the report authors dug a little deeper to find out exactly what protective measures SMEs have in place, it was revealed that just 25 per cent have a dedicated security executive and under one-third (31 per cent) monitor incoming emails for phishing attempts.

What's more, it was found that less than half (48 per cent) have secure practice guidelines in place, while just 27 per cent regularly conduct penetration tests to determine their likelihood of being affected by a cyber attack.

Windsor Holden, head of forecasting and consultancy at Juniper Research, commented: "Cyber security is a big concern for businesses of all sizes, as an attack could cost millions of pounds in lost data, reputation, time and customers. Yet our study shows that businesses believe they are far more secure than they really are."

As a result, limited company contractors and freelancers with cyber security expertise could offer their services to small businesses that are struggling to protect their digital assets by discussing the value they could add to their operations over the long term for just a short-term contract and fee.

Juniper's research also found that almost one-fifth (18 per cent) of SME owners would wait until the following working day to report a cyber breach, potentially placing their business at further risk. Therefore, IT contractors specialising in this area could do their bit to educate organisations about the extent of the damage that could result from failure to report a cyber attack promptly, charging for access to their consultancy and expertise.

Back to the Top