SMEs Underestimate the Risks of Sensitive Data Breaches

By July 04, 2013

SMEs are endangering the security of larger companies by not taking adequate preventive measures to safeguard sensitive data. Larger firms are therefore being urged to work with the smaller providers in their supply chain in order to ensure their own data security.

By not putting in place adequate information security measures, small and medium-sized companies (SMEs) in the United Kingdom are endangering themselves, and may also be putting the larger firms they work with at risk. A recently published study by Shred-it, a global data protection firm, reveals that SMEs in the UK do not take enough care in the management and destruction of confidential documents. Shred-it is therefore encouraging large firms in the UK to help the SMEs they work with to improve their information security measures in order to maintain the integrity of their supply chain. The priorities in this regard should be to share security protocols and to clearly highlight the potential costs which these risks may entail, says Shred-it.

Involving employees more in company data protection

The report points to a wide gap between the security protocols put in place by small firms on the one hand, and large companies on the other. SMEs are ten times less likely to have set up an information security system than large firms. Similarly, firms with revenue of over £1 million are eight times more likely to use a professional shredding company to dispose of their sensitive documents. Some 95% of large businesses have designated an employee to oversee data protection, compared with only 53% of small ones. Moreover, with an increasing amount of information being stored in electronic form, it is equally worrying to see that less than a quarter (23%) of large firms, and only 25% of small ones take steps to crush hard drives on obsolete IT equipment containing data. This means they are putting both themselves and their customers at risk.

Potential cost of data breaches underrated

Last but not least, the Shred-it report reveals that two out of every five large businesses suffering a data breach have incurred financial losses of over £500,000, while average fines of £150,000 imposed by the UK Information Commissioner’s Office for infringing data protection regulations are large enough for 30% of companies to have to lay off staff as a result. While large companies may be able to absorb the cost, such sums represent a huge financial risk for SMEs, in addition to the likely damage to their reputation, which could seriously affect their relationships with their customers and other business partners. Despite the threat of heavy fines and tarnished reputations, SMEs are often unaware of the impact a data breach could have on their firm. Some 88% of large businesses – twice the number of small firms – are likely to be aware of the recently updated requirements of the EU Data Protection Directive. And although the gap is narrower, small firms are still less likely to be aware of the UK Data Protection Act (72%) than large companies (92%).

© L’Atelier BNP Paribas