Equally concerning is the fact that just over a third (35%) of SMBs said they had a basic data protection policy in place, while even fewer (29%) claimed to have a policy for controlling access to systems.
This is despite the advent of the GDPR almost a year ago, which could levy fines for non-compliance. An estimated 59,000 businesses across the EU had reported security breaches to regulators as of February, according to DLA Piper.
Those in the legal, and IT and telecoms sectors appeared the best prepared, with just 8% in each group claiming to have no security measures in place. At the other end of the scale, retail (43%), construction (39%) and real estate (36%) firms were most likely to have no security in place.
The research was launched to coincide with the start today of Would You Be Ready? Week, an initiative designed to improve the resilience of SMBs to cyber-related threats. This matters, as over 99% of UK PLC is technically comprised of small businesses.
“Anyone in business today needs to make sure they are cyber-risk aware,” argued Nominet head of cybersecurity, Cath Goulding.
“In addition to a strong portfolio of up-to-date and relevant security tools, to best prepare, cybersecurity needs to become part of company culture with everyone working towards the same goal — from the receptionist to the senior team.”