Only 9% of SMEs run training courses or email updates teaching staff about IT security risks, finds a Cyber Crime Observatory run by Politecnico di Milano School of Management. This number rises to 20% of medium-small firms and 24% of larger firms.
The researchers analysed the information security systems and expenditure breakdown of 803 SMEs operating in Italy last year.
Alessandro Piva, director of the research observatory, says:
“Cybercrime has grown dramatically over the past months, alongside a continued rise in ransomware, where hackers demand payment of a ransom to release data, and attacks on products linked to the Internet of Things.
“Yet despite this, SMEs are not taking the threat seriously, with only 9% running training courses or merely emailing information to their employees. Although 93% of SMEs report that they allocated a security budget for 2016, this does not necessarily mean that it was spent in a well-informed manner. In fact, the top reported reason for security expenditure was to comply with legislation (48%).”
Companies are struggling to look beyond the short term and are failing to create robust, future-focused cyber security plans.
“The need for a long-term approach to how information and privacy are managed and the organisation’s data is kept confidential should be a top concern of a company’s upper management.
“It seems that smaller organisations don’t anticipate that they will be targeted as victims of cybercrime in the same way as, say, Yahoo in 2013, where a hack left over one billion users’ information publicly available. Yet without a contingency plan or any preventative measures, these companies are leaving themselves wide open for potentially devastating cyber-attacks.”