- External cyber risks remain the biggest worry for European businesses
- Less than a quarter of UK businesses are aware of General Data Protection Regulation (GDPR) fines
- Only one third of businesses use legal support as part of their digital security measures
London, 18 July, 2017: UK business leaders identify far fewer risks affecting their businesses, when compared to Germany and France, according to research from the Gowling WLG Digital Risk Calculator, which launches today. This new free tool allows small and medium size businesses to better understand their digital risks and compare these to other businesses and industries.
Research informing the Gowling WLG Digital Risk Calculator was gathered from 1000 small and medium-sized enterprises (SMEs) in the UK, France and Germany. Findings revealed an overly optimistic picture among UK business leaders, with UK respondents identifying far fewer digital risks as a threat to their business; when compared to the views of their European counterparts. UK respondents consistently identified between 2 and 25% less than non-UK respondents for each risk area analysed.
Commenting on the research Helen Davenport, director at Gowling WLG, said: "The recent wide ranging external cyber-attacks such as the Wannacry and Petya hacks reinforce the real and immediate threat of cyber-crime to all organisations and businesses.
"However, there tends to be an "it won't happen to me" attitude among business leaders, who on one hand anticipate external cyber-attacks will increase over the next three years, but on the other fail to identify such areas of risk as a concern for them. This is likely preventing them from preparing suitably for digital threats that they may face."
Respondents revealed that external cyber risks (69%) are thought to be the most concerning category of digital threat for businesses across all countries surveyed. This risk is anticipated to grow even further, with 51% of respondents believing that it will increase within the next three years.
Other digital risks of concern to participants include customer security (57%), identity theft / cloning (47%) and rogue employees (42%). More than a third of respondents (40%) also believe that the lack of sufficient technical and business knowledge amongst employees is a risk to their business.
Additionally, one third (32%) of UK businesses feel that digital risks related to regulatory issues have increased during the past three years. However, less than a third (29%) believe that regulatory issues are a risk to their business.
Risks related to highly sensitive/valuable data are the second most prominent risk to businesses (55%), according to respondents. However, when asked about the GDPR, which represents the most significant change to data protection legislation in the last 20 years, only one seventh (14%) of UK businesses were aware of the fines they may face for failing to protect their data. In comparison, 26% of respondents from Germany and 45% from France were aware of the maximum fine, placing UK business leaders at the back of the pack when it comes to understanding the risks posed by failure to comply with the GDPR.
Despite the identification of data risks, only 52% of UK businesses do regular data back-ups, compared to 66% in Germany and 67% in France. Moreover, only 32% of UK businesses and 39% of businesses in Germany open to using off-site storage for sensitive data today, compared to 50% of French businesses.
Given the changing nature of the digital world, the majority of business leaders (70%) involve IT support in their digital risk management. However, in comparison the number that say they involve legal support drops significantly down to an average across the surveyed nations of just 31% (46% UK, 23% Germany and 23% France, respectively).
When asked about how prepared they feel for their digital risks, only 16% of all respondents stated that they are fully prepared.
Patrick Arben, partner at Gowling WLG, comments: "When affected by a cyber-attack or any other digital threat, the immediate focus is to work with IT professionals to understand what has happened. However, it is always worth taking internal or external legal advice, before commencing an investigation and as circumstances change.
The essence for all business leaders is to stop ignoring the digital risks their companies face. By doing this, they can easily and proactively work to prevent future attacks from happening."