UK SMEs Don’t Have Cybersecurity Recovery Plans

Following the WannaCry cyber-attack and the IT collapse at BA, research shows businesses still don't have a cyber security plan.

Nearly half (45 per cent) of small businesses don’t have a cyber security plan, according to research by Smith & Williamson, the accountancy, investment management and tax group.

The recent WannaCry cyber-attack crippled parts of the NHS as well as other high-profile organisations such as Nissan and Renault, and the effects are still being felt. However, despite the well-publicised effect of what was a relatively low-tech attack, recent research has indicated that many small businesses do not have a plan should they find themselves in a similar situation.

‘For an investor, a business that has thought about their cyber security and has more control of their tech estate can be more attractive for investment. It shows that they take these things seriously and is a reflection of the culture and values the company has,’ says Fergus Caheny, partner and head of technology at Smith & Williamson.

‘A well thought out, and developed, cyber security plan tends to translate to a business that can identify and react appropriately to the many factors affecting their business. Control of their tech estate is key for any well-managed company. It is now, and increasingly in the future, one way for an investor to get to the heart of a business and ascertain the true nature of the management and the culture within.

‘We wouldn’t expect all early stage businesses to be spending extravagant amounts on developing a plan and high-tech software. However, the owners and managers should be able to demonstrate that they have thought of the problems and have a plan should the worst happen. Equally we would expect the tech investment to scale and grow as the business does.’

One example where cyber security will come to the fore is the new General Data Protection Regulation (GDPR), which takes effect from 25 May 2018. It is a sweeping regulation that affects almost every business that has, keeps or uses personal data.

The regulation aims to give individuals more control over how their personal data is used. It requires organisations to have cyber security rules and plans in place, and the consequences of failing to comply are very substantial fines.

‘The issue of cyber security is not going away. Investors need to be confident that a business is prepared otherwise this could jeopardise existing and future investment. A company who does not have a full handle on their tech estate now is in a race against time to ensure they do before next May,’ concludes Fergus.

Small Business UK:    Image: Nick Youngson
