UK business leaders are overly optimistic and less aware of digital risks than their European counterparts, a study has revealed.
UK respondents to a survey of nearly 1,000 small to medium-sized enterprises (SMEs) consistently identified 2% to 25% fewer risks for each risk area analysed than their counterparts in France and Germany. External cyber risks were thought to be the most concerning category of digital threat for businesses by 68% of respondents, according to the survey by international law firm Gowling WLG.
This risk is expected to grow even further, with 51% of respondents believing it will increase within the next three years. External cyber risk was followed by customer security (57%), identity theft or cloning (47%) and rogue employees (42%) in the respondents’ assessments. More than one-third of them (40%) also thought that insufficient technical and business knowledge among employees was a risk to their business.
Helen Davenport, director at Gowling WLG, said recent wide-ranging external cyber attacks such as WannaCry and Petya had reinforced the real and immediate threat of cyber crime to all organisations and businesses. “However, there tends to be an ‘it won’t happen to me’ attitude among business leaders, who on the one hand anticipate that external cyber attacks will increase over the next three years, but on the other hand fail to identify such areas of risk as a concern for them,” she said. “This is likely to prevent them from preparing suitably for digital threats that they may face.”
The research revealed that while nearly one-third of UK businesses feel digital risks related to regulatory issues have increased in the past three years, only 29% believe regulatory issues are a risk to their business.
Risks related to highly sensitive or valuable data are the second most prominent set of risks to businesses, according to 55% of respondents. However, when asked about the EU’s General Data Protection Regulation(GDPR), which represents the most significant change to data protection legislation in 20 years, only 14% of UK businesses were aware of the fines they may face for failing to protect their data.
By comparison, 26% of respondents from Germany and 45% from France were aware of the maximum fines under the GDPR, putting UK business leaders at the back of the pack when it comes to understanding the risks posed by failure to comply with the regulation. The GDPR includes fines of up to €20m or 4% of global turnover, whichever is greater. Despite the identification of data risks, only 52% of UK businesses perform regular data backups, compared with 66% in Germany and 67% in France. Also, only 32% of UK businesses and 39% of German businesses are open to using off-site storage for sensitive data, compared with 50% of French businesses.
The survey revealed that although most business leaders (70%) involved IT support in their digital risk management, an average of only 31% across all three countries polled said they involved legal support. When it comes to involving legal support in digital risk management, the UK was the best at 46%, compared with 23% in Germany and 23% in France. When asked how prepared they felt for their digital risks, only 16% of all respondents said they were fully prepared.
Patrick Arben, partner at Gowling WLG, said that when affected by a cyber attack or any other digital threat, the immediate focus is to work with IT professionals to understand what has happened. “However, it is always worth taking internal or external legal advice before commencing an investigation and as circumstances change,” he said. “The essence for all business leaders is to stop ignoring the digital risks their companies face. By doing this, they can easily and proactively work to prevent future attacks from happening.” The research is being used to inform the Gowling WLG Digital Risk Calculator, an online tool designed for SMEs to highlight perceived digital risks.
The law firm said the Digital Risk Calculator was created to help business owners and executives stay ahead of the most important digital risks that may affect their businesses. Whether the issues relate to cyber security, infrastructure risks or regulatory issues, Gowling WLG said its goal was to guide them through the risks so they can focus on growing their businesses.
Author – Warwick Ashford