The Cyber Wealth Divide in 2022

Facebook
Twitter
LinkedIn

How do you define ‘wealth’?  The term ‘wealth’ is immediately associated with money. As per the dictionary definition, wealth is ‘an abundance of valuable possessions or money[1]’. Simply put, if you are wealthy you can afford to buy things, or you have the means to do so should the need arise. If you aren’t wealthy, you can’t.

In the context of business, I challenge the definition of ‘wealth’ to mean ‘an abundance of money, valuable possessions, knowledge or time’.

For businesses of all sizes these four areas of ‘wealth’ are critical; you have the money to pay yourself and/or staff; the possessions to perform your role, such as a laptop or phone; specialist knowledge of your subject; and the time to deliver services or products.

However, businesses will also have gaps in some, or all the same four areas. As a business owner/senior leader, do you have the time to learn new things without it impacting your day-to-day operations? If not, do you have the financial capacity to employ the right people who do or buy in services or technology to plug any gaps? This is trusting you know the gap is there in the first place.

We are all acutely aware of the impact the global Coronavirus pandemic has had on the way we work. At the drop of a hat employees were required to work from home, bomb-bursting from the safe(ish) haven of the workplace with all the physical and digital perimeters of security that were afforded by office network security. IT and operations teams worked day and night to facilitate an almost totally remote workforce.

Whilst this was remote working on a scale never been seen before, working from home is not a new activity. In December 2019, approximately 5.9% of the UK workforce worked mainly from home, a rise of 80% across the preceding twenty years. However, the makeup of this workforce is important. In 2019, 39% of businesses with no employees worked mainly from home, compared to 23% of micro businesses (1-9 employees), 6% of small businesses (10-49 employees) and less than 1% of medium-sized businesses (50-249 employees)[2]. This makes sense. Those micro and small businesses might not have the wealth to access offices or flexible workspace, who will provide a marginally increased layer of security for their members compared to those working from home.

So how do sole-traders and business owners ensure they are protected? Are they reliant on the security which is afforded to them by the ready-installed anti-virus software on the new laptop they’ve just purchased? Or the standard settings from their email provider? And is this enough?

The answer to the last question is no. It is not enough. Cyber security is always one step behind. Technology is updated to defend against the most recent attack, but it can’t predict exactly how the next one will play out. Cyber Security organisations drive a huge amount of resource into developing protection against the newest threat in a matter of hours after an attack. Which is great news – if you can afford those services. Remember, having the wealth to afford the latest technology isn’t solely about having the money to buy it. It’s having financial wealth, combined with the right people, time and knowledge to effectively deploy such technology. This is assuming you’re aware there is an issue.

Enter the Cyber Wealth Divide.

The excerpt below is from the Department for Digital, Media, Culture and Sport’s (DCMS) Cyber Security Breaches Survey 2022:

Smaller organisations took little proactive action on cyber security, driven by a lack of internal knowledge and competing priorities with their budgets. This was especially the case if they had no relationships with outsourced cyber security providers or IT specialist MSPs. They often had a fear of the technicalities of cyber security and a preference to not research and mitigate against the risks they presented. They knew there could be a potentially devastating impact, but were not sure of the specifics of this, and felt it was low probability. This meant budget priorities often focused on the immediate operational side of the organisation[3]. 

Cyber Breaches Survey 2022, Department for Digital, Culture, Media and Sport.

 

Small businesses clearly lack the wealth to deploy effective cyber security measures[4]. Along with the National Cyber Security Centre, IASME’s Cyber Essentials and Cyber Essentials Plus and the Home Office-funded regional Cyber Resilience Centres are doing their utmost to increase awareness of free and simple processes businesses can put in place to be more secure. However, there is a clear lack of “internal knowledge, combined with competing budget priorities”.

With attitudes towards cyber security already low, these cries to increase awareness of the importance of cyber security may continue to fall on less-wealthy ears. Businesses of all sizes are under increasing pressure due to rising operating costs. Extreme rises in costs of utilities and a pressure to increase wages to lessen the personal impact on staff will only exacerbate the budget priority issues business owners are facing. Considering there are over 5.7 million SMEs in the UK and 60% of these shut up shop in the six months following a cyber-attack3, the cyber wealth divide has never been greater.

[1] Oxford Languages, Oxford English Dictionary, 2022.

[2] Department for Business, Energy & Industrial Strategy, Longitudinal Small Business Survey: SME Employers (businesses with 1-249 employees) – UK, 2019

[3] Department for Digital, Culture, Media and Sport, Cyber Security Breaches Survey 2022, UK 2022

 

Recommended

At the end of November, the UK government introduced their new, updated Product Security and Telecommunications Infrastructure Bill (PTSI).
Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common online threats!
A guide to start by taking cybersecurity seriously.
Paddy Bradley MBE talks about his responsibility in ensuring that the Business Cyber Centre (BCC) is a success.