Cybersecurity issues have become very prevalent in the modern era, making headlines for the disasters and fines associated with them. While it may seem obvious that businesses should take precautions to protect themselves against these potential attacks, they have been slow to improve their security measures, especially small and medium-sized enterprises (SMEs). An article on SME dives into a recent study of how prepared SMEs are for a security incident in terms of their data breach response plans.
Why are SMEs not taking a more aggressive approach in protecting their businesses and customers? With security being a confusing topic and many small businesses lacking the security expertise needed to adequately protect themselves, many SMEs fall short.
How prepared are small businesses for a security incident?
According to a recent report released by Experian, ‘SME’s under threat’, 30% of SMEs do not have an incident response plan.
“Many firms are still struggling to put in place or identify exactly what their response to this ever-increasing threat should look like. They feel overwhelmed by the threat, and given the size of the problem, end up underplaying the value of the clear solution – a data breach plan. Although companies may understand why they are attractive to cyber-criminals, it’s clear that a data breach plan can seem overwhelming to some.”
– Experian’s head of data breach services, Jim Steven
Certainly, the thought of a response plan can seem daunting and overwhelming, but what else is keeping SMEs from putting one in place? According to the Experian findings, of those SMEs that do not have a response plan in place, 51% feel a response plan is not a priority, while 39% feel they are not at risk of a breach.
According to Steven, top executives have a false impression that their organizations do not hold valuable data and are therefore not at risk of being a target for cybercriminals. That belief could result in devastation, as being connected to the internet alone makes a company vulnerable to a cyberattack.
Although nobody wants to think about what would happen if a security incident were to occur at their organization, it is important to know what to do in the unfortunate event of one. Incident response plans should be proactive rather than reactive and should be tested to ensure they operate as expected.