One in three UK SME business leaders do not trust some, most or any of their employees with confidential information. This is according to a survey of a thousand SME senior leaders and decision-makers across the UK, commissioned by CyberSmart and conducted by Censuswide*.
Of these respondents, 80% maintain this is because employees do not fully understand why it is important to keep confidential information secure (51%) or admit that the company does not have enough checks and balances, nor the technology to protect confidential information (29%).
A further 40% profess that their wariness is attributed to having been burnt in the past; and 23% believe they have disgruntled or disloyal employees. In fact, employees were ranked as the most likely to expose the company to the greatest cybersecurity risk by 30% of SME senior leaders. This was followed closely by former employees (28%), and interns or temporary staff (23%).
Interestingly, as many as 76% of all respondents do believe they, along with other members of the senior leadership team, can keep high-level meetings or confidential information private from employees because they have a secure system in place to communicate and store such information.
Yet, when digging deeper into the companies’ security policies and procedures, this appears to be an overstatement. Only 55% and 54% of SMEs have a clear set of policies and procedures for sharing information and gaining access to confidential information, respectively.
Moreover, a mere 22% have policies and procedures for deprovisioning former employees, while 13% have none of these policies at all.
“A successful business is led by its people, but they can certainly put companies at risk of a cyber incident whether intentionally or more likely, by mistake,” said Jamie Akhtar, CEO and co-founder of CyberSmart. “Indeed, this research has shown that the biggest reason SME leaders cannot trust their employees with sensitive information comes down to a lack of security awareness training and the implementation of security measures and policies.
“There even appears to be a discrepancy between the number of businesses that allegedly have secure systems in place and those failing to introduce clear policies and procedures for sharing and storing information as well as managing account access for those leaving the business.
“It is crucial that SMEs re-evaluate their cybersecurity posture and consider the people, processes and technology components of their strategy for maximum protection.”
Other key findings:
· Of the 76% of respondents that claimed to have a secure system in place to communicate and store confidential information, keeping it private from employees, only 60% and 61% have clear policies for sharing information or gaining access to confidential information, respectively. Moreover, only 24% have clear policies and procedures for deprovisioning and 7% have none of these policies.
· Of the 620 people who claimed to trust their employees fully, a quarter still believe their employees are the biggest cybersecurity risk.
· Of the 278 people who said former employees were one of the greatest cybersecurity risks, only 24% had clear policies and procedures for deprovisioning.
· 7% of senior leaders and decision-makers within the UK believe their employees are cyber savvy and can easily snoop on the company’s network and systems or hack into the company’s emails/messages.
· Other parties that are believed to pose a cybersecurity risk to companies, include: customers (19%), external partners/suppliers (19%), senior leadership (15%) and consultants (12%).
*The survey was conducted between the 30th of May 2023 and 5th of June 2023.
For the full report, compiling findings from the survey, click here
