A staggering 48 percent of small businesses in the UK do not provide cybersecurity awareness training for employees, leaving them vulnerable to a growing range of cyber threats.

Probrand, an IT solutions provider based in Birmingham, assessed the cybersecurity measures of small to mid-sized organisations across various sectors. The analysis, conducted in collaboration with YouGov, estimated that 11 percent of businesses and 8 percent of charities have fallen victim to at least one cybercrime in the last 12 months.

The report noted that nearly half of the organisations surveyed (47%) do not use up-to-date antivirus software, while 15 percent of businesses lack firewall protections, which are crucial for shielding networks from external cyber threats.

Mind the Gap

Commenting on the cybersecurity gaps Matt Royle, Probrand’s Marketing Director, said, “It’s clear to see cyber threats are increasing in volume and complexity, particularly with the dawning of AI, which is powering a new wave of attacks on businesses and public sector organisations alike.  

“Remembering that all the threat actors are interested in is making money, it is no surprise that we see small businesses and charities are seen to be easier targets. As human beings we are naturally error prone, and hackers are tuned into this weak link.  That is why it’s so important for UK businesses to provide continuous cybersecurity awareness testing and training to all employees. This will help keep them consistently aware of the latest tactics being used, and help them identify and act upon cyber attacks to minimise the risk of financial impact on their organisation.

“Businesses need to up their game based on our research and the YouGov data. Other findings revealed 29% of businesses had no patch management in place – a process which is critical in maintaining ongoing security and productivity. Overall, it is clear there is a need for businesses to improve how they mitigate risks, defend and recover from cyber threats, which includes updating their cybersecurity stance from a technology and employee awareness perspective.”

Five Layers of Cybersecurity

The report outlines a five-layer approach to cybersecurity for businesses to better manage and mitigate potential threats:

Identify: Businesses are encouraged to thoroughly understand their IT infrastructure and the data within their systems. An external audit or penetration test can provide insights into vulnerabilities and assess potential attack vectors.

Protect: Following a comprehensive assessment, organisations should implement protections, such as multi-factor authentication and complex password policies. Enhanced email security can also reduce the risk of phishing and spam-related attacks.

Detect: Continuous monitoring of systems is essential for identifying suspicious activity. Investing in a Security Information and Event Management (SIEM) tool, like Microsoft Sentinel, helps organisations detect potential threats early and enables timely responses.

Respond: An incident response plan is essential to minimise the impact of cyber-attacks. Probrand’s research revealed that 81 percent of small businesses lack a disaster recovery (DR) plan to respond to major cybersecurity incidents, which is critical for a rapid and organised response.

Recover: Ransomware attacks can disrupt businesses severely, and Probrand notes that organisations should consider both backup and cyber insurance policies as part of their recovery strategy. Businesses should validate backups and carefully screen data to avoid reintroducing compromised elements during recovery.