SMEs Blasé About Cyber Security
A survey of Australian SMEs undertaken by Unisys has revealed an alarmingly blasé attitude to cyber security among the CEOs of small companies, and a disconnect between their views of cyber threats and those of the CISOs, or other IT staff.
SMEs (fewer than 200 staff) account for 97 percent of Australian businesses. According to a 2017 white paper from NAB, they also account for 57 percent of Australia’s GDP.
Unisys surveyed 88 SME CEOs and 54 CISOs (or CIOs where companies did not have a dedicated CISO). Only 27 percent of CEOs said cyber security was part of business plans, in contrast to 69 percent of CISOs. A third of CEOs thought cyber security was only an IT issue (14 percent) or a compliance issue (18 percent).
Worse was CEOs’ comprehension of reality: only six percent said they had been breached in the past 12 months. For CISOs the figure was 63 percent. Forty-four percent of CEOs thought their organisation would be able to respond to a cyber threat in real time. Only 26 percent of CISOs expressed such confidence.
Some 69 percent of CISOs said cyber security should be viewed as part of the organisation’s business plans and objectives. Only 27 percent of CEOs agreed with this statement.
Many SMEs are an essential component of large companies’ supply chains through subcontracting. Unisys chairman and CEO Peter Altabef told a press lunch in Sydney: “The rubber will hit the road as larger companies start insisting that the companies they do business with have good cyber hygiene.
“At Unisys we’re going to scan all of our subcontractors, and we’re going to request cyber security practices of those subcontractors or we won’t use them.”