Businesses Urged to Take Action on Cyber Security

Back to news listings

Small and medium sized businesses could be leaving themselves and their partners exposed to computer hackers because of a lack of understanding of information systems.

Richard Henson, a leading UK cyber security specialist, is warning organisations to get more savvy in a bid to save themselves money and protect their businesses against cyber crime, which is estimated to cost the country £27bn a year.

Richard, who is an advisor to adviser to Key IQ Ltd which runs the Malvern Cyber Security Group and a Senior Lecturer in Computing at the University of Worcester, advocates a new independent scheme, Information Assurance for SME (IASME), aimed at encouraging small and medium sized enterprises (SMEs) to develop more robust systems. He also recommends penetration testing, because hackers are using ever more devious methods to gain access.

“Most small businesses now have digital information systems,” he said. “Many are online, and taken together, SMEs form a large part of the national information infrastructure of the UK. However, the limited resources of smaller companies mean that they are often unable to focus as closely as they may wish on what may be perceived as peripheral activities, including information assurance.”

Mr Henson, who last month presented at a cybersecurity workshop for small businesses in Malvern and participated in a major cybersecurity showcase event in Brussels, both organised by the CyberSecurity Knowledge Transfer Network, said SMEs faced losing contracts to major companies if their information security systems were not up-to-scratch, and could potentially face losing thousands of pounds through lost trade should their computer systems become infected, or if hackers are able to access financial information.

“The difficulty lies in the many supply chains that are all linked via computer systems,” he said. “If just one of those companies in the chain has a flaw in its security, there could be a major knock-on effect for all the other organisations it works with.”

He added: “There is evidence that focussed attacks on the nation’s information infrastructure are already moving from the previous targets of larger companies (with dedicated resources for protection) to poorly defended SMEs who provide quicker wins.”

The UK government launched its Cyber Security Strategy in November last year with the aim of encouraging businesses of all sizes to focus on this important issue. The CyberSecurity Knowledge Transfer Network is partly funded by the Technology Strategy Board, and regularly runs events for small businesses. To find out more about information assurance for small businesses visit  and for more general advice access Get Safe Online. To report a possible act of cybercrime, go to