The latest Aldermore small and medium sized business owners (SMEs) Future Attitudes study has stated that just over one in ten (12%) SME owners in the IT sector fully understand what the forthcoming EU General Data Protection Regulation (GDPR) actually means for their business and have taken the appropriate steps to prepare themselves for it.
The new framework, which is designed to strengthen and unify data protection for all individuals within the European Union (EU), will hand out tough punishments for those who fail to comply with new rules around the storage and handling of personal data. The regulation comes into force in May 2018, but over a third (36%) of SMEs bosses in the IT sector have not even heard of it.
Furthermore, the GDPR will also introduce a duty on all organisations to report certain data breaches to the relevant supervisory authority, and in some cases to the individuals affected, as well as giving customers the right to be forgotten, which requires firms to erase all of their information. This is a considerable step change and will affect many small and medium-sized organisations, particularly as recent industry figures* state that two thirds (66%) of SMEs have been a victim of cyber crime since their launch.
With data threats becoming an ever- growing concern for business leaders, Aldermore's report, which surveyed over a thousand senior decision makers, reveals that well over a third (38%) of SMEs in the IT sector and their customers have been directly affected by a data breach in the past two years. Two thirds (65%) of business owners in the IT sector are concerned about cyber crime and the impact it might have on their firms, and over half (51%) of these SME bosses also anticipating that a cyber attack could have a significant financial impact on their business.
Surprisingly only half (51%) of businesses in the IT sector see protection against cybercrime as a high priority and have taken steps to defend themselves, considering cyber-crime can involve something as simple as having your business emails hacked and subsequent data stolen or intercepted. Just over a quarter (28%) realise it is an important issue but haven't had the time to look into appropriate safeguards, with one in ten (10%) saying that they cannot afford to shield themselves adequately.
What is more surprising is that one in ten (11%) say protection against cyber attacks is not an important issue for their businesses. The research also reveals that three in five (60%) UK SMEs in the IT sector currently have data breach policies in place around the use of email, internet and mobile devices.
Carl D'Ammassa, Group Managing Director, Business Finance at Aldermore, said: "The GDPR is the biggest shake-up in data protection to date and the results are worrying when looking at the amount of businesses that are unaware of the impact it will have on them. Data privacy, the appropriate use of customer information and breach notifications all need to be taken incredibly seriously. This is made especially apparent when one considers the increased sanctions businesses face if they don't keep to the new regulations, including regular data protection audits, and fines of up to £20 million or 4% of their annual turnover for the most serious violations.
"Moreover, we hope the EU's new regulation achieves what it sets out to do and strengthens the resistance of businesses against the threat of a data breach. SMEs need to be clear on the use of customer information, ensure they are GDPR ready as soon as they can be and are aware of the impact this will have once it comes into effect in May next year.
"The danger of cyber attacks for all businesses, not just SMEs, is an ever present one and is something that is likely to increase as economic activity moves to the digital world. With these attacks having a significant financial and reputational impact on a business, it is crucial all SMEs take adequate time to analyse and protect themselves against this threat."