UK government offers SMEs £5,000 to improve their cyber security

Small businesses are more at risk than ever of having their cyber security compromised

The UK government's Technology Strategy Board has extended its Innovation Vouchers scheme to allow small and medium enterprises (SMEs) to bid for up to £5,000 from a £500,000 pot to improve their cyber security by bringing in outside expertise.

Innovation Vouchers are designed to encourage start-ups and SMEs (those with up to 50 employees) to look outside their current network for new knowledge that can help them to grow and develop. The £5,000 grant is only available to businesses that do not have internal cyber security expertise, and that are working with a new technology supplier for the first time.

The Department for Business, Innovation and Skills (BIS) is also publishing guidance to help small businesses put cyber security higher up the agenda and make it part of their normal business risk management procedures. This follows on from the "10 Steps to Cyber Security" guidance released in September 2012, which was aimed at larger businesses.

"Keeping electronic information safe and secure is vital to a business's bottom line. Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack. But there are simple steps that can be taken to prevent the majority of incidents," said Minister for Universities and Science David Willetts.

"The package of support we are announcing today will help small businesses protect valuable assets like financial information, websites, equipment, software and intellectual property, driving growth and keeping UK businesses ahead in the global race."

The news is accompanied by research funded by BIS and carried out by PwC in conjunction with Infosecurity Europe, which found that more small businesses than ever are facing the threat of losing confidential information through cyber attacks.

The 2013 Information Security Breaches Survey has shown that 87 percent of small businesses across all sectors experienced a breach in the last year, up from 76 percent a year ago. The average cost of the worst security breach for small organisations was between £35,000 and £65,000.

BIS pointed to a small London insurer that did not focus enough on security, and suffered a substantial data security breach. Information such as internal announcements and business development reports were being indexed by web crawlers and being made available in search rankings.

It took the insurer nearly a month to detect the problem, and then systems had to be taken offline for a week to fix it, costing the company both time and money.

"Cyber security is an increasing risk for small and micro businesses and more and more, a barrier to growth," said Mike Cherry, National Policy Chairman, Federation of Small Businesses.

"The FSB is very pleased to see the government announce a package of measures including specific guidance for small firms, helping them take steps towards more effective cyber security."

The report also found that large organisations are still at high risk, with 93 percent reporting breaches in the past year. The average cost of the worst security breach for large organisations was between £450,000 and £850,000, and the vast majority of these were through cyber attacks.

While 81 percent of respondents reported that their senior management places a high or very high priority on security, many businesses leaders have not been able to translate expenditure into effective security defences, according to the report.

"Spending on cyber control as a percentage of an organisation's IT budget is up this year from an average of 8 percent to 10 percent, but the number of breaches and their impact is also up as well so it is clear that there is work to be done in measuring the effectiveness of the security spend," said PwC information security director Andrew Miller

Join the CSO newsletter!

Error: Please check your email address.

Tags securityechnology Strategy BoardTechnology Strategy BoardSME

More about Andrew Corporation (Australia)CherryPricewaterhouseCoopersTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sophie Curtis

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place