Photo of Oliver Pinson-Roxburgh

Oliver Pinson-Roxburgh

CEO and Co-Founder

31st August 2021

Data from’s latest survey reveals serious barriers and misconceptions about cyber security among SMEs.

We surveyed over 600 SMEs about their thoughts on cyber security, protocols and their overall readiness.

The results were alarming. Not only did data reveal large gaps in knowledge, and in some instances naivety regarding cyber security, but many SMEs shy away from essential security measures due to perceived complexity and processes.

Nearly 40% of respondents noted that training was not a business priority. Even more worryingly, more than 1 in 10 businesses never provide training or devote resources to cyber security - an aspect of your business that should be considered business-critical.

What is promising is the level of awareness amongst SMEs. The majority of respondents recognise the value of cyber security measures but a lack of clarity in the ‘how’ still exists.

We’re here to set the record straight and give you a clear breakdown of why you need to consider cyber security as a critical aspect of your business and how it’s not as complicated as you may think.

48% of respondents use 2 or more vendors for cyber security solutions

Would you use two different banks for your business? You may have different accounts and account managers, but typically, it is viewed as operationally efficient to have one company handling all your finances. Your cyber security is no different.

Streamlining cyber security processes is key for SMEs. SMEs are usually time poor with attention focused on other areas of the business. Cyber security is, therefore, generally outsourced for different aspects to multiple ‘specialists’. The assumption that having several experts on the roster bolsters cyber security, is a false one. Not only is this not cost-effective (finance being a barrier to cyber security for many SMEs), it isn’t an effective way to manage an essential part of your business. The benefits of using one vendor greatly outweigh those of multiple companies.

With one supplier you can:

  • Easily keep track of contracts and licenses
  • Reduce the risk of duplication, saving on cost and time
  • Build relationships faster
  • Integrate different products more effectively and efficiently

There may be some pros to working with numerous vendors, but there are certainly more negatives. From our research, operational efficiency is a key factor in decision making for SMEs. Working with several suppliers could be counterproductive to that mindset. Multiple suppliers can overcomplicate matters and potentially increase the number of tools being used on your systems creating confusion, duplication of work and also deliver varying standards of service.

A third of businesses regard ‘employee knowledge’ as the biggest threat to cyber security

You can have all the latest high-tech cyber security tests and protocols, but if your employees can’t tell the difference between phishing emails or suspicious pop-ups, then you’ve not invested your money correctly.

Your employees are the first line of defence to threat actors. They can identify and report attacks, potentially saving you time, money and reputational damage. Investing in training is an essential component of any business’ cyber resilience. Cyber awareness training is highly recommended for any organisation. Providing the basics of the ‘what’ and ‘how’ of cyber security will increase your employees’ confidence and directly impact your business.

The majority of respondents (54%) are more concerned about cyber security since the pandemic

Cyber attacks did increase during the pandemic. A combination of social factors and the rush to adopt new remote working practises created the perfect storm of opportunity and vulnerabilities. Cyber security has become even more business-critical because of remote working and businesses must make it a priority.

Accessing work from personal devices increases the probability of cyber attacks. According to the Department for Digital Culture, Media and Sport, only 23% of businesses cover home-working in cyber security policies and 84% of businesses didn’t adjust their practises during Covid-19 despite the increased remote connectivity.

Our findings amongst SMEs, combined with the DCMS report, highlight the need for an updated policy to protect those working from home. Tight budgets mean that it is often not viable to provide equipment to all employees so many use personal devices. Personal devices increase the likelihood of a breach, putting your business’ critical assets at risk. Regular penetration testing is advisable to stress-test your security perimeters. This is particularly important for your networks and cloud server if you’re operating on a hybrid working model.


Cyber attacks are on the rise and every day, cyber criminals use more sophisticated methods to breach your systems. Unfortunately, it isn’t a case of ‘if’ but ‘when’. Using trusted experts to manage your cyber security is highly advisable. You need to safeguard your business and you need someone you can trust.

Easily manage cyber risks with

Get access to comprehensive security tools and expertise, without the enterprise price tag.
No advanced knowledge required – we’ll take care of the heavy lifting for you.

Find out more about the 7 steps to securing your business and sign up for a free trial today.