SMEs must take information security more seriously or lose out on new work

The recent Talk Talk hack, their third in a year, has been another example that a security breach has an impact on the reputation of a company and it’s share price. How Talk Talk will come out of this remains to be seen.  No doubt large companies are currently reviewing their information security measures starting with cyber defences, but SMEs don’t appear to view security as a concern. In a meeting last week there were representatives of just over 30 SMEs. Only two knew that they should be doing something. The rest expressed little interest in finding out more on the subject.

Some SMEs rely on insurance to cover them if there is a security breach.  This is a valid approach for a minor breach, but if a company cannot operate effectively for several days while it recovers data and deals with concerned clients, those clients will start looking for alternative suppliers. Getting insurance in the future is likely to become more expensive and only given if there is evidence that basic levels of risk management are being followed.

For SMEs that don’t rely on insurance, a bigger incentive to take security more seriously comes from a KPMG survey of procurement managers in organisations with over 250 employees. 70% say SMEs should be doing more to prevent cyber attacks and protect valuable client data.  86% said they would consider removing an SME supplier if they were hacked and 94% say that security standards are important when awarding contracts to SME suppliers.  George Quigley, Partner in KPMG’s cyber security practice, commented: “Unless these organisations take a more mature approach towards cyber security now, they face the risk of being frozen out of lucrative supplier contracts”.

If you are serious about winning new business, and keeping your existing business, the first step is identifying where defences are sound, and where to make improvements. Our Information Security Healthcheck will do this.

If you want more details about what ‘information security’ please get in touch.