According to the UK government’s annual report “Cybersecurity Breach Survey 2023,” Small businesses are less proactive in identifying cyber threats than they were a year ago. Given the current economic climate in the UK, senior executives in charge of smaller organizations see cybersecurity as a secondary concern. As a result, there is less logging and monitoring of breaches or attacks.
Cyber Security: Key Findings
The proportion of small and micro businesses that say cybersecurity is a top priority will drop from 80% in 2022 to 68% in 2023. The data reflect a sudden decline in cybersecurity due to external factors such as economic uncertainty and inflation.
According to the government’s guidance, most cyber threats are simple in nature and only require small businesses to implement “cyber hygiene measures”. This may include restricted administrator privileges and network firewalls, cloud backups, passwords and updated malware protection. Both small businesses and charities are currently using these anti-fraud tools extensively.
However, in the last three rounds of this survey, we have seen a decrease in the use of cyber hygiene measures in some areas. Network firewall usage is expected to decline from 78 percent in 2021 to 66 percent in 2023. Restrictions on administrator privileges are also expected to drop from 75 percent in 2021 to 67 percent this year. The use of password policies could drop from 79 percent in 2021 to 70 percent in 2023.
These findings are troubling because poor cyber hygiene can have serious consequences: data breaches, security incidents and data loss.
More vulnerable to hacking than ever
According to the study, 66 percent of small businesses lack a board member or trustee to oversee their organization’s cybersecurity. The changing business environment and shift to remote work further complicates the ability to identify cybersecurity attacks.
john davis“In today’s climate, businesses are facing significant pressure from inflation and supply chain issues,” said the UK and Ireland Director of SANS Institute EMEA, the world’s largest provider of cybersecurity education.
“Hackers are looking to take advantage of this. Their attacks are more pervasive, more sophisticated and harder to detect,” he added.
Most small businesses lack IT teams, so Davis recommends moving operations to the cloud because it includes robust security.