NINE in ten small businesses and start-ups are vulnerable to cyber-attacks, loss of customer and business data and other IT risks which could threaten the loss of entire companies, research has found.
CareersinAudit.com surveyed 304 IT and financial auditors between May and June 2016, and found that loss of customer/business data topped the list of greatest IT risks (38%), followed by cyber-attacks (21%) and not being compliant to existing regulation (17%).
The majority of auditors surveyed believe that business owners think that the cost for IT investment is not a top priority compared to other business costs and are not taking responsibility or ownership for IT protection.
The research also revealed that nearly half of auditors (47%) believe that most start-ups and small businesses do not have a disaster recovery plan in place at all with a further 17% saying that those that do will only set this up once and not review again.
Other highlights of the research revealed:
- 42% IT and financial auditors believe that industry bodies or regulators are NOT doing enough to raise awareness about the different IT risks with a further 32% undecided
- 45% of those surveyed feel that the Government should be doing more to help small businesses and start ups
Simon Wright, Operations Director, CareersinAudit, said: “It is clear from our latest research that many businesses are leaving themselves hugely exposed by having weak risk management systems and in some cases none in place at all.
“Complacency or holding the view, “it won’t happen to my business” could prove to be extremely foolish as just one cyber-attack or leakage of customer data could have irreversible impact on the business – not just financially but the reputational damage as well.
“It’s time more businesses took greater responsibility to mitigate against IT risk alongside regulators and Government helping with potential educational and training initiatives and providing possible funding assistance for start-ups and small businesses.”
Bobby Lane, partner at Top 50+50 firm Shelley Stock Hutter, said: “Most SMEs do not understand the risks to their businesses and how catastrophic a cyberattack could be. It is not just about losing important data or the ability to operate but also the confidence of your customers. They must know the risks, threats and plan appropriately.”