Government warning for SMEs lacking cyber security
The Government has warned businesses across the UK that they risk large fines from next year if they fail to have adequate cyber-security in place.
The Network and Information Systems (NIS) directive becomes law next May and firms could face fines of up to £17 million, or 4% of their global turnover, should they fail to protect data from hackers.
It comes as research from Databarracks revealed that 31% of companies have been impacted by cyber-crime in the past 12 months.
The directive is separate to General Data Protection Regulation and aims to ensure that essential services are protected, such as energy, water, health and transport firms.
According to Databarracks, firms will need to ensure that they invest in cyber-security training and awareness programmes, as the Government has proposed to fine businesses that do not protect themselves.
These will only apply to organisations that have not put adequate safeguards in place, yet the latest Data Health Check report found that more than four in ten firms had not invested in security in the last year.
In the same time period, only 34% of firms have invested in cyber awareness training and around one in ten have certified to a cyber security framework.
This leaves a large proportion of firms that potentially unprotected and which could face a significant financial burden should they be targeted.
The need to constantly communicate about risk forms a key aspect of protecting businesses, yet the research suggests the majority of firms are not doing it enough.
According to the study, awareness training needs to be applied to all staff too, and should not be limited to a short introduction that given to new starters.
Databarracks claim that it is better to investment in good cyber-security practices at an early stage, so as to avoid paying the price in the long-term.
The potential fines could cripple a business or leave it on the brink of insolvency, especially if they lack the means of sourcing finance to cover the necessary outlays.
If a business is unsure of whether it can finance changes to its operations, then an independent business review may provide useful insight – from checking the general health of a business to taking an unbiased look at a company’s assets, forecasts and long-term strategies.
By Phil Smith