SMEs must tackle cybersecurity shortages

Workplaces across the globe have borne witness to rapid shifts towards digitalisation. New and innovative emerging tech has facilitated remote working, increased productivity, and changed the way in which businesses operate.

However, exciting new tech solutions will always attract those seeking to take advantage through illicit means. As such, cybersecurity has come to the forefront of most business leaders’ concerns. The problems that cyber-attacks bring can be potentially disastrous for an organisation of any size.

And while there are plenty of infamous examples of attacks on major brands, such as retailers Morrisons and Boots, and institutions like the NHS, it is small and medium enterprises (SMEs) that are most susceptible to the effects of an attack. For instance, Markel found that 51% of SMEs have been the victim of a cybersecurity breach, with malware, data breaches, and phishing the most common forms.

This becomes even more concerning when put into the context of the widely reported digital skills gap faced by industries across the globe. Research from Salesforce’s Global Digital Skills Index revealed that 80% of UK workers do not feel ready to operate in a digital-first world, with 43% stating they feel ‘overwhelmed’ by the rate of technological change.

Indeed, cybersecurity skills shortages are a major contributor to the digital skills gap. A DCMS report found that roughly 697,000 businesses (51 per cent) have a basic skills gap, with those in charge of cyber security lacking the confidence to carry out the types of basic tasks outlined in the government-endorsed Cyber Essentials scheme.

For SMEs, who may lack the resources to attract and retain those with the most highly sought-after abilities, the consequences can be much more severe.

What’s at stake?

Not only are SMEs more likely to be the victim of a cybersecurity breach, but the repercussions of one are far greater too.

Firstly, there are the immediate financial impacts of a successful breach. Over two thirds (68%) of SMEs that have experienced one reported that the financial cost was up to £5,000. 

Meanwhile, a survey conducted by the European Union Agency for Cybersecurity (ENISA) found that 90% of European SMEs stated that cybersecurity issues would have serious negative impacts on their business within a week of the issues happening, with 57% saying they would most likely become bankrupt or go out of business. Certainly, when it comes to online security, the stakes are much higher for SMEs.

Outside of the apparent financial hit from the likes of malware, data loss, and phishing, cyberattacks can carry additional side effects. This can include delegating time and effort to the recovery process so that regular operations can be resumed. Elsewhere, perhaps the most detrimental side effect of all might be the chance of losing a business contract or client trust.

In an increasingly digitalised economy and with work from home being the new normal, there has never been a greater need to address the cybersecurity skills gap. To avoid dangers, employees of all positions, not only those in advanced tech roles, must be sufficiently trained to identify threats and take action. To stay ahead of dangers, employees of all positions, not only advance tech roles, must be trained to sufficiently identify threats and take action.

Training across the workforce

Anyone can have a lapse in judgement and, say, click on a link in a phishing email. SMEs, however, are likely to lack an IT department that can then take over and resolve the problem.

In fact, the previously mentioned DCMS report found that almost 4 in 10 businesses (37%) have an internal skills gap when it comes to incident response and recovery, and do not have this aspect of cyber security resourced externally.

Which is why it is absolutely key that there is a fundamental level of cybersecurity skills amongst all employees. Considering the fact that human error is the largest contributor to cyber-crime and that most SMEs will not have the luxury of personnel trained in advanced tech skills, businesses should take advantage of training opportunities that enable employees to become tech competent.

Fortunately, there are options available. Digital skills bootcamps are a great example of one initiative making real progress in this area. For instance, with a £7 million grant, West Midlands Combined Authority (WMCA) has piloted over 30 digital bootcamps and trained around 2,000 adults with essential tech skills. Recently, a further £21 million was made available from the Adult Education Budget to fund the new bootcamps in the West Midlands over the next three years, with a target of supporting more than 4,000 people.

The bootcamps, which are led by industry experts, are essential for provibding practical digital skills training, such as cybersecurity, to the workforce. They offer organisations clear pathways to either upskill existing employees or hire new talent and are free for participants.

The development of a tech-savvy workforce will depend heavily on digital skills bootcamps. Getting involved in such initiatives will undoubtedly be crucial for SMEs if they want to maintain a high degree of cyber security, avoid losing financial assets and their reputation, and ultimately survive in a world of increasingly sophisticated online threats. I suggest employers look for current digital skills partnerships in their area and, where possible, engage with course providers to increase access to digital skills training for all workers.