Startups should move fast and remember cybersecurity

Fast-paced startup businesses are an exciting place to work, with huge opportunities for growth. But sometimes that growth means cybersecurity can take a backseat. Yet a cyberattack can be devastating for businesses large and small, quickly knocking their trajectory off course with the click of a button.
This is why it’s so worrying to see that the smallest UK businesses (micro-businesses) appear to have deprioritised cybersecurity, with the percentage saying it is a “high priority” dropping from 80% to just 68% this past year.
The data indicated that wider economic pressures could be a contributing factor to this decrease, as inflation and financial uncertainty continue. Though it might be tempting to cut back on cybersecurity in the current market and reduce costs to maintain and grow profitability, this isn’t recommended.
As a business owner, you wouldn’t leave your premises unlocked or your till unattended, so why wouldn’t you ensure you have appropriate protections for your business online to prevent cyberattacks and online fraud?
Size doesn’t matter to cybercriminals
Cybercriminals are often opportunists looking for weak spots as they trawl IP addresses using automated software. This means it’s not just large household names that fall victim to such activities. Just because your business is small or not involved in the national infrastructure doesn’t mean you won’t be targeted.
Startups can be particularly vulnerable as by nature they involve fast-paced environments, quick decision-making and new or less familiar supply chains. When setting up contracts with new suppliers, fraudulent invoicing and email impersonations can be more difficult to spot.
The use of shared office spaces can also increase risk, exposing businesses to insecure WiFi networks and people who are not bound by your own business guidelines. There can also be more passing strangers who might have ulterior motives for being in the workspace, meaning employees need to be alert when working in such locations.
Attacks are more common than you might think. The 2023 cyber security breaches survey reported that almost a third of businesses (32%) and a quarter of charities (24%) reported breaches or attacks in the past 12 months alone.
This again emphasises the real and ongoing threat, with the average victim losing £15,300, a loss which is far more detrimental to a startup’s bottom line than to that of larger brands such as Apple or Microsoft.
Challenges surrounding recruiting cybersecurity talent and tight resource demands can be particularly frustrating for startups who are trying to balance growth and business longevity. According to government figures, half of UK businesses have a cybersecurity skills gap they are struggling to fill. Meanwhile, other data shows that businesses are spending only a small portion of their IT budgets on cybersecurity.
Whilst not all businesses can feasibly dedicate more to cyber, there are several really basic actions that can take your startup in the right direction. A much-needed safety net can be to sign up to your local business resilience centre, such as the NEBRC, which can help prevent risk and respond to any attacks, or to a similar service in your area, which can be accessed via the National CRC Group.
These are non-profit, police-led services, so businesses benefit from the extended team’s experience, knowledge of NCSC guidance and how this can be applied to startups.
The startup cyber advantage
Whilst tackling and resolving these threats can come at a huge cost, startups have the unique advantage of being able to implement cybersecurity best practices from the outset and embed them into company culture.
Think about it: it’s much easier to train staff on best practice when they join the team compared to a few years down the line when bad habits have already been formed. One example is persuading employees to use three random words for their passwords, which is in line with NCSC guidance.
For startups who are struggling to prioritise cybersecurity to avoid falling victim to common threats such as phishing, ransomware and hacking, there are low-cost steps which can be taken.
For example, patching devices and keeping them up to date with all new updates is a wise idea to minimise vulnerabilities. Small businesses can create and enforce processes like this from the company’s early years, ensuring fewer devices slip through the net and become a target.
A business continuity plan is something that Big Tech companies will likely have, yet many smaller businesses don’t think about it until they need one. Putting a plan in place as a cautionary measure is just one way to better prepare your business should the worst happen.
The message is clear: startups, neglect cybersecurity at your own peril. It’s time for small businesses to take cybersecurity seriously and invest in their safety.
Rebecca Chapman is the CEO and director at The Business Resilience Centre for the North East (NEBRC) and a police superintendent.