More than two-thirds (69%) of UK small and medium enterprises (SMEs) lack a cybersecurity policy, according to figures from specialist insurance firm Markel Direct.
The research identified a significant lack of basic cybersecurity measures and hygiene in place across these companies.
This included 43% admitting that their employees are not trained on best practices and potential threats, while just 35% encourage their employees to update passwords.
Additionally, only around half (52%) of SMEs use multi-factor authentication (MFA).
Regarding security tooling and software, 72% of SMEs said they have antivirus/anti-malware software in place, 49% have email filtering for spam and phishing emails, 47% have a firewall and 46% have secure Wi-Fi networks.
Under half of surveyed companies conduct regular data backups (46%) and have data encryption (44%).
More than two-thirds (69%) regularly update system software.
The survey of 500 SMEs also found that half (49%) would not know what to do in the event a cyber-attack.
A similar proportion (53%) do not have cyber insurance in place in case of a breach.
When asked how they secure company data when accessed by employees working from home, 52% of SMEs said they use virtual private network (VPN) access, 48% train their employees on secure remote work practices and 46% have remote access policies and controls in place.
Biggest SME Cybersecurity Concerns
The biggest cybersecurity concern for UK SMEs for the future was the increasing sophistication of cyber threats (62%), fuelled by AI and other emerging technologies.
This was followed by securing remote work environments (23%), ransomware and other forms of malware (22%), emerging technologies and their implications (21%), insufficient budget/resources for cybersecurity (19%) and vulnerabilities associated with third-party vendors and suppliers (19%).
Rob Rees, Divisional Director of Markel Direct, commented: ‘Staying ahead of cyber threats is crucial for small business owners, especially as AI-driven attacks continue to evolve. Having a robust cybersecurity policy in place can help create a framework to safeguard against ongoing threats, whilst cyber insurance can help to protect your business in the event of a targeted attack.”
A survey by JumpCloud in July 2024 found that 49% of SME IT teams believe they lack the resources and staffing to defend their organization against cyber-threats.
