“As soon as the deadline for GDPR (General Data Protection Regulation) passed, too many thought that was job done and that’s where their responsibility ended.”
Those were the words of UK Cyber Security Forum’s Dr Emma Philpott, as quoted by Aon when it released the findings of its SME Cyber Survey 2018 conducted by OnePoll. The study involved 1,000 small- and medium-sized enterprises.
Here are some of the key figures from the Aon-commissioned survey:
“I don’t think companies realise how awful the impact of a breach can be or the amount that actually has to be done,” said Philpott, who is also chief executive of the IASME Consortium, an accreditation body for assessing and certifying against the government’s Cyber Essentials Scheme.
“It involves everything from mandatory reporting to keeping affected customers or clients informed. It can leave those clients fearful and cause reputational damage. It’s not just about replacing laptops or paying a fine.”
Meanwhile, Aon broking manager Chris Mallett pointed to what was described as general confusion about the possible financial impact of cyberattacks.
“Around one in seven believe the costs are covered by their PII (professional indemnity insurance) and more than three in 10 choose not to insure against cyberattacks or fraud,” noted Mallett. “Although fines are expected to be issued as a last resort, they can be up to €20 million or 4% of annual turnover.
“The risk presented by non-compliance with GDPR has the potential to bring a small business to its knees.”