A common myth which continues to be believed by many SME owners is that their business is unlikely to suffer from a data breach. The reasoning behind that is that they are of the opinion that their company is too small to be targeted by hackers. Instead, they point towards the high profile breaches that are reported across the media, as evidence that large organisations are more at risk. However, the reality is very different. Data breaches are taking place all the time, varying in seriousness, to businesses of all sizes. In fact, it’s been found recently that 61% of breaches are suffered by SMEs. Due to the scale of companies involved, you may not hear about them in the news, but that doesn’t mean they aren’t taking place. They are.

Why isn’t security being prioritised by SMEs?

The risk to SMEs is very real. So why is security not being prioritised?

There are several possible explanations as to why SMEs are not doing more to protect themselves from a data breach. One is a lack of expertise and knowledge. Smaller businesses are much less likely to have a security expert in place, resulting in a lack of awareness from employees within. Without being guided by a specialised individual, it’s unlikely that much emphasis will be placed on security procedures. Consequently, strategies will not be deployed, making a business more vulnerable to suffering an attack.

In addition to a lack of expertise, smaller businesses are also often hampered by a lack of time and resources. Large organisations will have designated specialists on hand to update and review security procedures; a luxury not shared by smaller firms. Updating infrastructure systems is very costly, and most SMEs lack the finances to implement such a radical upgrade. Keeping on top of all the latest threats is also time consuming, meaning it’s often neglected by smaller businesses.

Time for change

As highlighted, there are several obstacles which are preventing SMEs from being proactive in their approach to security. However, both their methods, and mindset, in relation to being at risk, must change. The cost of suffering a breach can be devastating to a business, meaning more must be done to reduce its probability. Action must be taken immediately, not only considered when an attack has already been launched.

Every business, no matter the size or standing, is at risk.