Project Overview

Funded by the Research Wales Innovation Fund, the primary aim of the project is to evaluate the effectiveness of cyber risk insurance as a risk management tool for Welsh small and medium-sized businesses (SMEs).

SME Vulnerabilities

SMEs are particularly vulnerable to a cyber-attack for a number of reasons. The reality is that many SMEs allocate low (if any) budgets towards cyber resilience, with our findings so far overwhelmingly suggesting that this is in part due to a belief that they are not an attractive target for would-be cyber criminals. Further, an SME may not have the expertise to protect against or recognise a cyber attack (especially where the business is not IT or cybersecurity focused).

Many SMEs lack the appropriate network protection needed to safeguard their business. Out-of-date systems and software are also commonplace, and many businesses either do not adopt regular and robust backup practices or make the mistake of backing up devices on the same network.

Cybersecurity training amongst staff and management may also be lacking, which leads to no clear assignment of responsibility for cybersecurity and awareness. This ultimately means that an SME may not have a recovery plan in place.

Practices that Expose SMEs to Greater Risks

A practice accelerated by the pandemic, and one that appears to be here to stay, is that of remote working. While it brings many benefits, it can expose an SME to a greater threat of cyber-attack. The same can be said of the growing popularity and use of cloud services. Further, many SMEs operate by means of a supply chain. A weakness or cyber breach within this chain can have a significant knock-on effect on the SME.

Protecting your Business

Each business is different, and cyber resilience measures should be tailored to individual needs. However, the following can help safeguard Welsh SMEs:

  • Back up data (separate from your computer)
  • Install and make use of antivirus software
  • Update software and equipment regularly
  • Control and monitor the use of external devices (such as USB sticks and memory cards)
  • Require strong passwords
  • Use multifactor authentication
  • Change default passwords
  • Train staff to recognise and deal with phishing emails
  • Limit administration privileges