LONDON — New research commissioned by defense.com revealed that British small businesses are more willing to put their customer data at risk than impact growth, despite a rise in business-critical cyberattacks, such as ransomware, in the past 12 months.

• The research finds that many small businesses are failing to prioritise cybersecurity, with almost a quarter (24%) spending nothing on cybersecurity and a further 25% spending less than $1,200 a year. 
• When it comes to the pandemic, 35% of small to mid-sized enterprises (SMEs) believe it has increased their exposure to cyber-risk meaning many small businesses are leaving themselves open to attack. Despite this, 40% of SMEs say the pandemic didn’t encourage them to invest more in cybersecurity.
• Many small businesses believe they won’t be the target of cyberattacks and that they aren’t under threat — 34% of SMEs say one of the main reasons they don’t invest more in cybersecurity capabilities is because their business is too small, and 19% of SMEs don’t invest because they believe their business data is not a target. 
• On top of this, one-quarter (25%) of small businesses say one of the main reasons they don’t invest more in cybersecurity capabilities is because of the cost.

“These findings clearly show that British SMEs are not taking cybersecurity seriously, often through no fault of their own,” said Oliver Pinson-Roxburgh, CEO at defense.com. “The pandemic has led to a massive increase in remote working, with many small businesses operating a distributed workforce for the first time. In this time of heightened threats and remote work, a low-security budget and lack of cyber skills can seriously impact the competitiveness of SMEs. A successful cyberattack has the potential to put an SME out of business, resulting in lost jobs and livelihoods.”