As cyber attacks increase, too many engineering and manufacturing SMEs fail to understand the threat or how to protect themselves, reveals a new poll
A new poll of SMEs shows nearly half of practices in the engineering and manufacturing sectors are still confused by or even unaware of GDPR rules, and only around one in ten see cyber attacks as a leading risk to their business.
The poll comes on the back of a survey earlier this year from the National Cyber Security Programme that revealed nearly half of UK businesses experienced at least one cyber security breach or attack in 2017, with 66 per cent of SMEs and 45 per cent of micro businesses shown to have been victims.
The threat of cyber attacks and fraud is one of the most prominent emerging risks in the engineering and manufacturing sector and there’s a lot of work being done to raise awareness, says Chris Mallett, Broking Manager for Aon, which commissioned the latest poll.
Mallett points to increasing vulnerabilities associated with the growth of flexible working, with staff accessing data on the go via their own personal computers, smartphones or tablets, if data is not properly encrypted and controlled.
Yet the poll shows more than one in five SMEs in engineering and manufacturing allow the use of personal computers, tablets and phones for business purposes. In addition, it reveals more than two in five are not aware that loss of personal information as a result of a cyber attack or fraud is a data breach.
The poll of 1000 SMEs, carried out through OnePoll, also indicates that too many companies in these sectors (more than one in five) are unaware of the need to notify authorities about a breach that has an impact on individuals, and a third seem confused about the time limit for reporting, exposing their companies to the risk of huge fines.
It also reveals confusion among engineering firms over the cost to their business in the event of a data breach, with more than one in three saying they had no idea of the level of any likely financial impact.
“Although fines are expected to be issued as a last resort, they can be up to €20 million or 4% of annual turnover,” explains Chris Mallett. “This means the risk presented by non-compliance with GDPR has the potential to bring a small business to its knees.”
But Mallett stresses the lasting damage can go beyond a fine. “It has an impact on a company’s reputation if a data breach isn’t handled correctly and it can be hard to regain trust and recover from that,” he says.
The EU rules known as GDPR, which came into force in the UK in May, drastically increased potential penalties on companies found to have misused or mismanaged clients’ personal data. According to Dr Emma Philpott, this has caused companies to focus on the issue, but her concern is that this was, for many, a short-lived effect.
Dr Philpott is managing director of the UK Cyber Security Forum and CEO of the IASME Consortium, an accreditation body for assessing and certifying against the Government’s Cyber Essentials Scheme. “As soon as the deadline for GDPR passed too many thought that was job done and that’s where their responsibility ended,” she says.
Philpott believes the big data breaches in the Press help to raise awareness but they can also cause data breach fatigue; a sense that the time, cost and high-end security to tackle this is complicated and overwhelming for an SME. “When in fact the basics don’t cost much,” she says. “Educating staff doesn’t cost anything other than time.
“I don’t think companies realise how awful the impact of a breach can be or the amount that actually has to be done, for example mandatory reporting and keeping affected customers or clients informed,” adds Dr Philpott. “It can leave those clients fearful and cause reputational damage.”
While many companies have professional indemnity insurance (PII) in place, there are often significant costs that professional indemnity won’t pick up, adds Aon’s Chris Mallett, who points to the poll results showing more than one in ten engineering and manufacturing SMEs believe they’re covered by their PII and more than one in five admit they don’t insure against cyber risks.
“This can leave a business liable for facing bills when they discover their PII doesn’t cover all costs,” says Chris Mallett, who says companies are surprised by how affordable cyber insurance is. “Specialist policies not only cover for the cost of responding to a breach, but also the costs of damages you’re legally liable to pay in the event of a breach or security failure, as well as associated legal costs.”


