Over 1 in five UK SMEs (21%) are worried that their business will not survive the current economic uncertainty or expect they will have to make a significant business pivot in order to survive.
This is according to a survey of a thousand SME senior leaders and decision-makers across the UK, commissioned by CyberSmart, the category leader in simple and accessible automated cybersecurity technology for small and medium-sized enterprises (SMEs), and conducted by Censuswide*.
The UK government estimates that the country is home to at least 5.5 million SMEs. If we were to extrapolate the findings, that means potentially 1.155 million businesses are in a precarious position and risk collapse.
Remarkably, the survey also revealed that some SME senior leaders would go to great lengths to ensure the survival of the business, from engaging in cybercriminal activity and committing accounting fraud to neglecting compliance requirements.
Activities that SME senior leaders would consider engaging in, include:
- 15% would commit accounting fraud and lie to bankers/investors to secure funding, or commit tax fraud/evasion (potentially equivalent to 825,000 SMEs)
- 14% would cut employee salaries and/or benefits (potentially equivalent to 770,000 SMEs)
- 11% would leverage proprietary information from partners/clients such as selling off the data (potentially equivalent to 605,000 SMEs)
- 11% would neglect compliance requirements due to the additional costs they incur (potentially equivalent to 605,000 SMEs)
- 10% would engage in cybercriminal activity such as hitting a rival company with a cyberattack (potentially equivalent to 550,000 SMEs)
- 9% would mortgage their house (potentially equivalent to 495,000 SMEs)
Additionally, a third of SMEs have either decreased** cybersecurity spending since the economic uncertainty or admitted to never really investing in it. In fact, as many as 42% of SME senior leaders do not believe it is worth investing in cybersecurity***, with over 1 in 5 (21%) believing they are not a target. A further 16% claim it is not worth it because they have cyber insurance and 10% assert it is not a priority. Only 25% realised it was worth investing in cybersecurity because they could not afford to be breached.
“As a business owner myself, I can understand the pressure many SME decision-makers are currently facing to keep their companies running and ensure their employees are taken care of, all while budgets tighten. It is during these times that emotions run high, and people might make irrational decisions that go against their own, and their company’s, best interest,” said Jamie Akhtar, CEO and co-founder of CyberSmart.
“It goes without saying that we would never condone criminal behaviour. Moreover, we would strongly recommend that businesses do invest in cybersecurity and compliance.”
“The business ecosystem has become highly intertwined, so no business is immune from cyberattacks. In fact, SMEs could prove to be an easy entry point for cybercriminals looking to hit others within their supply chain, if they have weak cybersecurity postures,” Akhtarcontinued.
“While cyber insurance is important for risk transfer, it should not be relied on either. A comprehensive and continuous cybersecurity and compliance strategy is needed to avoid the financial, reputational and even, physical repercussions of a breach. Fortunately, there are solutions today that can help in doing so, without breaking the bank.”
* The survey was conducted between the 30th of May 2023 and 5th of June 2023.
** ‘Decreased significantly’ and ‘Decreased slightly’ responses combined.
*** ‘It is not worth it, it’s not a priority’, ‘It is not worth it, we have cyber insurance’, ‘It is not worth it, we’re not a target’ and ‘It is not worth it, other – please specify’ responses combined.