UK business leaders identify far fewer risks affecting their businesses, when compared to Germany and France, according to research from the Gowling WLG Digital Risk Calculator, which launches today. This new free tool allows small and medium sized businesses to better understand their digital risks and compare these to other businesses and industries.
Research informing the Gowling WLG Digital Risk Calculator was gathered from 999 large SMEs in the UK, France and Germany. Findings reveal an overly optimistic picture among UK business leaders, with UK respondents identifying far fewer digital risks as a threat to their business; when compared to the views of their European counterparts. UK respondents consistently identified between two and 25 per cent less than non-UK respondents for each risk area analysed.
Helen Davenport, director at Gowling WLG, says, ‘The recent wide ranging external cyber-attacks such as the Wannacry and Petya hacks reinforce the real and immediate threat of cyber-crime to all organisations and businesses.
‘However, there tends to be an “it won’t happen to me” attitude among business leaders, who on one hand anticipate external cyber-attacks will increase over the next three years, but on the other fail to identify such areas of risk as a concern for them. This is likely preventing them from preparing suitably for digital threats that they may face.’
Respondents reveal external cyber risks (69 per cent) are thought to be the most concerning category of digital threat for businesses across all countries surveyed. This risk is anticipated to grow even further, with 51 per cent of respondents believing that it will increase within the next three years.
Other digital risks of concern to participants include customer security (57 per cent), identity theft / cloning (47 per cent) and rogue employees (42 per cent). More than a third of respondents (40 per cent) also believe that the lack of sufficient technical and business knowledge amongst employees is a risk to their business.
Additionally, one third (32 per cent) of UK businesses feel that digital risks related to regulatory issues have increased during the past three years. However, less than a third (29 per cent) believe that regulatory issues are a risk to their business.
Data protection
Risks related to highly sensitive/valuable data are the second most prominent risk to businesses (55 per cent), according to respondents. However, when asked about the GDPR, which represents the most significant change to data protection legislation in the last 20 years, only one seventh (14 per cent) of UK businesses were aware of the fines they may face for failing to protect their data. In comparison, 26 per cent of respondents from Germany and 45 per cent from France were aware of the maximum fine, placing UK business leaders at the back of the pack when it comes to understanding the risks posed by failure to comply with the GDPR.
Despite the identification of data risks, only 52 per cent of UK businesses do regular data back-ups, compared to 66 per cent in Germany and 67 per cent in France. Moreover, only 32 per cent of UK businesses and 39% of businesses in Germany open to using off-site storage for sensitive data today, compared to 50 per cent of French businesses.
Legal support
Given the changing nature of the digital world, the majority of business leaders (70 per cent) involve IT support in their digital risk management. However, in comparison the number that say they involve legal support drops significantly down to an average across the surveyed nations of just 31 per cent (46 per cent UK, 23 per cent Germany and 23 per cent France, respectively).
When asked about how prepared they feel for their digital risks, only 16 per cent of all respondents stated that they are fully prepared.
Patrick Arben, partner at Gowling WLG, comments, ‘When affected by a cyber-attack or any other digital threat, the immediate focus is to work with IT professionals to understand what has happened. However, it is always worth taking internal or external legal advice, before commencing an investigation and as circumstances change.
‘The essence for all business leaders is to stop ignoring the digital risks their companies face. By doing this, they can easily and proactively work to prevent future attacks from happening.’