Small businesses must tackle cybersecurity shortages – but how?

businesses cybersecurity

Workplaces across the globe have witnessed rapid shifts towards digitalisation over the past two years. Catalysed by the pandemic, new and innovative businesses technologies have facilitated remote working, increased productivity, and changed the way in which organisations operate.

However, the adoption of new technologies will invariably open the door to those seeking to take advantage through illicit means. As such, cybersecurity is an ever-more serious issue for businesses of all sizes, with a cyberattack or data breach potentially causing major headaches.

While there are plenty of infamous examples of attacks on major brands, such as retailers Morrisons and Boots, and institutions like the NHS, its small and medium enterprises (SMEs) that are most susceptible to the effects of an attack. In fact, Markel found that 51% of small businesses have been the victim of a cybersecurity breach, with malware, data breaches, and phishing the most common forms.

This becomes even more concerning when put into the context of the widely reported digital skills gap faced by industries across the globe. Research from Salesforce’s Global Digital Skills Index revealed that 80% of UK workers do not feel ready to operate in a digital-first world, with 43% stating they feel ‘overwhelmed’ by the rate of technological change.

Indeed, cybersecurity skills shortages are a major contributor to the digital skills gap. A DCMS report found that roughly 697,000 businesses (51%) have a basic skills gap, with those in charge of cybersecurity lacking the confidence to carry out the types of basic tasks outlined in the government-endorsed Cyber Essentials scheme.

For smaller businesses and startups, which may lack the resources to attract and retain personnel with the most highly sought-after abilities, the consequences can be much more severe.

What’s at stake?

Not only are SMEs more likely to be the victim of a cybersecurity breach, but the repercussions of one can also be more severe.

Firstly, there are the immediate financial impacts of a successful breach. Over two thirds (68%) of SMEs that have experienced one reported that the financial cost was up to £5,000.

Meanwhile, a survey conducted by the European Union Agency for Cybersecurity (ENISA) found that 90% of European SMEs stated that cybersecurity issues would have serious negative impacts on their business within a week of the issues happening, with 57% saying they would most likely become bankrupt or go out of business. Certainly, when it comes to online security, the stakes are very high indeed.

Outside of the apparent financial hit occurred from the likes of malware, data loss, and phishing, cyberattacks can carry additional side effects. This can include delegating time and effort to the recovery process so that regular operations can be resumed. Elsewhere, perhaps the most detrimental side effect of all might be reputational; the chance of losing a business contract or client trust.

In an increasingly digitalised economy, and with remote working very much part of the new normal, there has never been a greater need to address the cybersecurity skills gap. To stay ahead of dangers, employees of all positions, not only advance tech roles, must be trained to sufficiently identify threats and take action.

Training across the workforce

Anyone can have a lapse in judgement and, say, click on a link in phishing email. SMEs, however, are likely to lack a robust IT department – and dedicated cybersecurity specialists – that can then take over and resolve the problem.

In fact, the aforementioned DCMS report found that almost four in ten businesses (37%) have an internal skills gap when it comes to incident response and recovery, and do not have this aspect of cyber security resourced externally.

That is why it is absolutely key that there is a fundamental level of cybersecurity skills among all employees of small businesses. Considering the fact that human error is the largest contributor to cyberattacks, and that most SMEs will not have the luxury of personnel trained in advanced tech skills, businesses should take advantage of training opportunities that enable employees to become tech competent.

Fortunately, there are options available. Digital skills bootcamps are a great example of one initiative making real progress in this area. For instance, with a £7 million grant, West Midlands Combined Authority (WMCA) has piloted over 30 digital bootcamps and trained around 2,000 adults with essential tech skills. Recently, a further £21 million was made available from the Adult Education Budget to fund the new bootcamps in the West Midlands over the next three years, with a target of supporting more than 4,000 people.

The bootcamps, which are led by industry experts, are essential for providing practical digital skills training, such as cybersecurity, to the workforce. They offer organisations clear pathways to either upskill existing employees or hire new talent and are free for participants.

The development of a tech-savvy workforce will depend heavily on digital skills bootcamps. Getting involved in such initiatives will undoubtedly be crucial for SMEs if they want to maintain a high degree of cyber security, avoid losing financial assets and their reputation, and ultimately survive in a world of increasingly sophisticated online threats. I would suggest employers look for current digital skills partnerships in their area and, if possible, participate in the courses in order to increase access to digital skills training for all workers.