The majority of the UK’s SMEs are not prioritising better online security in the next 12 months, despite the impending impact of the EU’s new data protection legislation.
The General Data Protection Regulation (GDPR) was adopted in April 2016 and takes effect within two years.
Notwithstanding the EU referendum result, the Information Commissioner’s Office has confirmed that, ‘if the UK wants to trade with the single market on equal terms we would have to prove ‘adequacy’, in other words UK data protection standards would have to be equivalent to the EU’s GDPR framework starting in 2018’.
Findings, which form part of Close Brothers’ quarterly survey of UK SME owners and senior management from a range of sectors, reveal that 63 per cent of companies have made the decision not to invest in better online security, while the remaining 37 per cent indicate they would.
Ian McVicar, managing director of Close Brothers Technology Services, says that businesses of all sizes should be aware of their responsibility when it comes to protecting customer data. Keeping customers’ details safe is at the core of the EU’s new data protection legislation, the General Data Protection Regulation (GDPR), which was adopted in April 2016 and takes effect within two years.
‘It is intended to strengthen and unify data protection for individuals within the EU, and the penalty for non-compliance is up to 4 per cent of annual revenue or €20 million, whichever is the higher.’
Many SMEs ill-prepared with regard to online security
A mixed picture has also emerged about UK firms’ readiness for the impact of cybercrime on their businesses. While the majority of the UK’s small and medium-sized enterprises (SMEs) are concerned about cybercrime and the impact it might have on their business (57 per cent), a significant minority are not (36 per cent).
Further analysis of the results reveals that only 41 per cent of businesses feel ‘adequately protected’; 17 per cent are unsure of their levels of protection; 21 per cent know it is an important issue but ‘haven’t had time to look into it’, while a further 21 per cent don’t think ‘it is an issue for our business’.
When asked the question ‘do you have data breach/online security policies in place around the use of email, internet and mobile devices?’, 51 per cent of respondents answered ‘yes’, 38 per cent ‘no’ with 11 per cent ‘unsure’.
McVicar says that this picture of uncertainty may be driven by the feeling among many SMEs, particularly in sectors like construction, that they don’t rely on IT as much as companies in more technology-focused industries.
‘Even if this is the case, companies must remember that GDPR requires all personal data collected to be gathered lawfully, and for specific purposes only. In addition, it must be used for the purposes for which it was collected, and must be accurate and up-to-date.’