The UK government's Technology Strategy Board has extended its Innovation Vouchers scheme to allow small and medium enterprises (SMEs) to bid for up to £5,000 from a £500,000 pot to improve their cyber security by bringing in outside expertise.
Innovation Vouchers are designed to encourage start-ups and SMEs (those with up to 50 employees) to look outside their current network for new knowledge that can help them to grow and develop. The £5,000 grant is only available to businesses that do not have internal cyber security expertise, and that are working with a new technology supplier for the first time.
The Department for Business, Innovation and Skills (BIS) is also publishing guidance to help small businesses put cyber security higher up the agenda and make it part of their normal business risk management procedures. This follows on from the "10 Steps to Cyber Security" guidance released in September 2012, which was aimed at larger businesses.
“Keeping electronic information safe and secure is vital to a business’s bottom line. Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack. But there are simple steps that can be taken to prevent the majority of incidents,” said Minister for Universities and Science David Willetts.
“The package of support we are announcing today will help small businesses protect valuable assets like financial information, websites, equipment, software and intellectual property, driving growth and keeping UK businesses ahead in the global race.”
The news is accompanied by research funded by BIS and carried out by PwC in conjunction with Infosecurity Europe, which found that more small businesses than ever are facing the threat of losing confidential information through cyber attacks.
The 2013 Information Security Breaches Survey has shown that 87 percent of small businesses across all sectors experienced a breach in the last year, up from 76 percent a year ago. The average cost of the worst security breach for small organisations was between £35,000 and £65,000.
BIS pointed to a small London insurer that did not focus enough on security, and suffered a substantial data security breach. Information such as internal announcements and business development reports were being indexed by web crawlers and being made available in search rankings.
It took the insurer nearly a month to detect the problem, and then systems had to be taken offline for a week to fix it, costing the company both time and money.
“Cyber security is an increasing risk for small and micro businesses and more and more, a barrier to growth,” said Mike Cherry, National Policy Chairman, Federation of Small Businesses.
“The FSB is very pleased to see the government announce a package of measures including specific guidance for small firms, helping them take steps towards more effective cyber security.”
The report also found that large organisations are still at high risk, with 93 percent reporting breaches in the past year. The average cost of the worst security breach for large organisations was between £450,000 and £850,000, and the vast majority of these were through cyber attacks.
While 81 percent of respondents reported that their senior management places a high or very high priority on security, many businesses leaders have not been able to translate expenditure into effective security defences, according to the report.
“Spending on cyber control as a percentage of an organisation’s IT budget is up this year from an average of 8 percent to 10 percent, but the number of breaches and their impact is also up as well so it is clear that there is work to be done in measuring the effectiveness of the security spend,” said PwC information security director Andrew Miller