Businesses still do not have a cyber security plan

Small businesses are failing to plan their cyber security appropriately

Gettyimages 697853664 WEB
Fergus Caheny
Published: 09 Jun 2017 Updated: 13 Jun 2022

Nearly half (45%) of small businesses don’t have a cyber security plan for their business according to research by Smith & Williamson, the accountancy, investment management and tax group.*

Cyber Security254824216

The recent WannaCry cyber attack crippled parts of the NHS as well as other high profile companies such as Nissan and Renault and the effects are still being felt. However, despite the well-publicised effect of what was a relatively low tech attack, recent research has indicated that many small businesses do not have a plan for their business should they find themselves in a similar situation.

“For an investor, a business that has thought about their cyber security and has more control of their tech estate can be more attractive for investment. It shows that they take these things seriously and is a reflection of the culture and values the company has,” said Fergus Caheny, partner and head of technology at Smith & Williamson.

“A well thought out, and developed, cyber security plan tends to translate to a business that can identify and react appropriately to the many factors affecting their business. Control of their tech estate is key for any well-managed company. It is now, and increasingly in the future, one way for an investor to get to the heart of a business and ascertain the true nature of the management and the culture within.”

“We wouldn’t expect all early stage businesses to be spending extravagant amounts on developing a plan and high-tech software. However, the owners and managers should be able to demonstrate that they have thought of the problems and have a plan should the worst happen. Equally we would expect the tech investment to scale and grow as the business does.”

One example where cyber security will come to the fore is the new General Data Protection Regulation (GDPR), which takes effect from 25 May 2018. It is sweeping regulation that affects almost every business that has, keeps or uses personal data. The regulation aims to give individuals more control over how their personal data is used. It imposes requirements for organisations to have cyber security rules and plans in place, with the consequences for failing to comply being very substantial fines.

“The issue of cyber security is not going away. Investors need to be confident that a business is prepared otherwise this could jeopardise existing and future investment. A company who does not have a full handle on their tech estate now is in a race against time to ensure they do before next May,” finished Fergus.

*Information sourced from independent research by Smith & Williamson, surveying business leaders and entrepreneurs across the UK. Data accurate as of May 2017

By necessity, this briefing can only provide a short overview and it is essential to seek professional advice before applying the contents of this article. This briefing does not constitute advice nor a recommendation relating to the acquisition or disposal of investments. No responsibility can be taken for any loss arising from action taken or refrained from on the basis of this publication. Details correct at time of writing.


This article was previously published on Smith & Williamson prior to the launch of Evelyn Partners.