Connecting the dots an expanding network of risk and opportunity
Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (810.23 KB, 20 trang )
An expanding
network of risk
and opportunity:
How UK SMEs are
under-estimating the
growing complexity
of technology
Written by
Contents
Foreword
3
Executive summary
4
Technology: a requirement for SME business performance
6
Opportunity versus threat: the perception gap
9
Data protection risks: complex and interconnected
12
Emergent technology risks
15
Connecting the dots on technology risks
17
About this report
In November 2012, the Economist Intelligence Unit, on behalf of Zurich, surveyed 549 small business owners
and directors in the UK to explore what SMEs think about the current economic landscape and how they are
adapting in order to survive and succeed.
In addition, in-depth interviews were conducted with two SME experts. Our thanks are due to the following
for their time and insight:
Jay Epton, Director of SMB for Symantec
Cliff Mills, Director of Research for the National Computing Centre
Simon Porter, Vice-President of Mid-Market Europe for IBM
The report was written by Melissa Carson and edited by Monica Woodley of the Economist Intelligence Unit.
2
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
Foreword
UK SMEs have always been innovators and ‘technology adopters’, in both good times
and, perhaps even more so, during more challenging times. This certainly rings true
today. Indeed, the SME sector may be at a ‘technological inflection point’, a significant
point of change for how small businesses manage and conduct business.
Rates of mobile web usage and tablet adoption are defying historical precedent.
‘E-tailing’ is bringing structural change to high-streets and ‘Cloud’ (Internet-based)
computing is changing the operational footprint of many small firms. A new hybrid
‘sharing economy’ of sole-traders, or ‘renters’, is also now emerging.
The business benefits for SMEs are significant. Mobile working and Cloud computing
can unleash new efficiencies and levels of productivity for the small business. E-tailing,
online distribution and social media offer enhanced scalability, allowing SMEs to reach,
sell and service new markets and customers.
But these vast new opportunities also present a growing area of complexity in regards
to risk – especially, for the small business. This report, ‘An expanding network of risk and
opportunity: how UK SMEs are under-estimating the growing complexity of technology’,
developed in association with the Economist Intelligence Unit (EIU), focuses on this
very dynamic.
Over the past decade the realm of cyber risk has expanded and become increasingly
complex. More long-standing challenges, such as data confidentiality and protection,
are now subject to increasing oversight from the Information Commissioner’s Office
(ICO), as well as new EU Data Protection legislation.
New emerging threats – such as cyber attack and social media reputational damage –
are not only new challenges in their own right, but bring additional complexity to the
long-standing risks, due to interconnectivity
interconnectivity. The World Economic Forum (WEF) refers
to this as the ‘dark side of connectivity’ 1, a digital landscape where the likelihood and
impact of cyber threats are amplified by hyper-connectivity.
The current ‘transformation of the high-street’ – and its genesis in the rapid growth
of e-tailing – exemplifies this challenging dynamic between opportunity and risk. SMEs
must approach technology and the future with an appetite for both – but also an equally
balanced awareness, appreciation and understanding for risk in this unchartered territory.
Moore’s law tells us that the power of computing power doubles every two years. The
pace of technology development is only increasing. Over the next decade, the insurance
industry can play a critical role within the greater business community in helping SMEs
understand, monitor and protect against the new risks emerging in the cyber landscape.
Richard Coleman
Director, SME
UK General Insurance
Zurich Insurance plc
1
Global Risks 2012, World Economic Forum
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
3
Executive summary
There is no doubt that technology is dramatically shifting and rapidly expanding the
landscape of opportunity for small and medium-sized enterprises (SMEs) in the UK.
For example, 53% of SMEs in Europe have now adopted some kind of cloud computing
service, an increase of 8 percentage points on the year before2, and experts believe
getting firmly on the technology bandwagon is becoming increasingly important for
SME success and competitiveness with every passing year.
However, one-quarter of UK SMEs remain in the dark, not actively monitoring technologies
and the impact they could have for their businesses. They also happen to be less confident
in their business outlook and less opportunistic overall. For these non-adopters, technology
inefficiency may add to other business challenges to create a strong headwind to long-term
competitiveness and sustainability.
In order to investigate in detail how SMEs have adapted to the new technology
risk landscape, the Economist Intelligence Unit, on behalf of Zurich, surveyed over
500 UK SMEs.
The majority are keen to capture the benefits to both serve their business needs and
obtain a competitive advantage, but SMEs also need to manage an increasingly
complex and swiftly evolving set of associated risks.
SMEs are undervaluing the level of threat and the growing complexity of many
technology risks – particularly those associated with emergent trends such as web-based
services (cloud), mobile and social media. They are underestimating their vulnerability
to cyber criminals, even as attacks targeting SMEs are on the rise. And they are not
sufficiently connecting the dots regarding the interconnectivity of technology risks in
general, which threatens to exponentially increase potential levels of exposure.
For some industries in particular, awareness of technology risks is worryingly low. Retail
and distribution – a sector in potential transformation – stands out as surprisingly behind
the curve on technology.
While key steps are being taken by many, the biggest oversight among SMEs is the
human factor. Few are focussing on training and updating their security policies, which
need to be driven all the way through the organisation to manage the expanding range
of vulnerable points.
2
4
According to a report published by Spiceworks (a social business network for IT professionals) in November 2012.
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
How are UK SMEs adapting to the growing complexity of technology?
@
@
e-markets
online
consumer
reviews
The technology landscape is changing quickly
Increased use of
mobile technology
5% negative impact, 55%
positive impact
IT exposure associated with
teleworking/mobile workforces
40% not a threat
As businesses change the way they
communicate and share data,
they are increasing their exposure to
external threats such as
data loss and cyber attack
Delete
Human error is probably the
largest risk, however only
46%
of SMEs have
trained their staff
28%
have reviewed
security policies
Growth of
social media
6% negative impact
34% positive impact
Social media
reputational
disaster
40% not a threat
SMEs are underestimating
the interconnectivity
of the risks and the
pace of change
Source: Economist Intelligence Unit
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
5
Technology: a requirement for
SME business performance
Cliff Mills is the Director of Research
for the National Computing Centre
(NCC), an independent membership
organisation for IT professionals. The
NCC is the single largest corporate
membership body in the UK IT sector.
Over two-thirds of UK SMEs say that they assess the impact of technological trends on
their businesses. According to experts this group is much more likely to survive and thrive
in the future. Being able to link technology directly to overall business performance is
the “holy grail for technology experts; but it is very difficult to measure”, says Cliff Mills,
Director of Research for the National Computing Centre (NCC).
But the consensus is clear among experts, who believe technology is increasingly a basic
requirement for SME performance, more so than five years ago even. Mr Mills says:
“If you are not actively on the web, and not getting the technology expertise to help
run your business, you will certainly be left behind.”
Technology, confidence and risk appetite
Interestingly, in line with expert opinion, the ‘tech aware’ SMEs – the two-thirds who
actively assess the impact or possible impact of technology on their business – are
more confident about the outlook for their businesses in the coming one to two years.
They also have a more opportunistic overall attitude towards risk than their ‘not tech
aware’ counterparts.
Table 1:
How do you feel about the outlook for your business over the following time periods?
Confident/Very Confident
Tech Aware*
Not Tech Aware
> Next 12 months
67%
55%
> Next 1-2 years
73%
63%
* Those SMEs that assess the impact of technological trends on their business (67% of respondents).
Source: The Economist Intelligence Unit.
Table 2:
How would you describe your company’s ‘risk appetite’ compared with other SMEs in
your industry?
Opportunistic/Highly Opportunistic
Tech Aware
Not Tech Aware
> 2 years ago
25%
14%
> Today
26%
12%
> 2 years from now
38%
24%
Source: The Economist Intelligence Unit.
Simon Porter is Vice-President of
Mid-Market Europe for IBM, the
world’s largest IT and consulting
services company. IBM is a global
business and technology leader,
innovating in research and
development to shape the future of
society at large.
6
Simon Porter, Vice-President of Mid-Market Europe for IBM, a technology firm, warns
that “by not leveraging new technologies, which many of the innovative competitors are
doing, UK SMEs will lose competitiveness. Many foreign firms are now competing more
aggressively with SMEs, leveraging the Internet and cloud, so unless the SMEs in the UK
respond, they will not succeed”. And it is not just foreign firms that UK SMEs need to be
conscious of. Increasingly, the new generation of directors running SMEs grew up with
technology, and they will have a big advantage over others.
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
Technology:
a requirement
for SME business
performance
Unleashing competitiveness for micro firms and
small businesses
Larger companies are now only slightly ahead of their smaller SME counterparts in staying
abreast of technology trends and their business impacts. Some 80% of medium-sized
enterprises are assessing technology, compared with 73% and 70% of small and
micro-enterprises, respectively.
With the advent of cloud services, and the evolution of mobile devices and technological
sophistication, smaller SMEs are less hindered by the cost barriers that used to define the
divide between medium and small/micro-enterprises. Indeed, our survey demonstrates
that they are getting much closer to the norms among medium-sized businesses.
Jay Epton is Director of SMB
at Symantec, a global leader in
providing security, storage and
systems management solutions to
help small businesses secure and
manage their information.
Sole traders, on the other hand, are at a disadvantage owing to their lack of resources.
Only one-half (52%) are thinking about the impact of technology on their business.
Jay Epton, Director of SMB for Symantec, a computer security firm, reminds us that
as sole traders and in micro-enterprises, “you are often MD (managing director), IT
manager, marketing director and operations director at once, so it’s difficult to prioritise”.
In some sectors, new technologies may have a low level of practical benefit and
application for the sole trader. However, for some, emerging areas such as social media
can offer increased marketing and customer service opportunities, as well as reduced
administrative overheads.
Table 3:
Do you assess the impact that technological change is or might be having on your
business? (Size)
Yes
No/Don’t Know
Sole trader
52%
48%
Micro-enterprise (1-9 employees)
70%
30%
Small enterprise (10-49 employees)
73%
27%
Medium-sized enterprise (50-249 employees)
80%
20%
Total
69%
31%
*Those SMEs that assess the impact of technological trends on their business (67% of respondents).
Source: The Economist Intelligence Unit.
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
7
Technology:
a requirement
for SME business
performance
Retail industry stands out as behind the technology curve
Industry sector influences the relative importance of technology. Most striking
is how few SMEs in the retail and distribution industry are assessing technology
impact, particularly in light of the cannibalisation of high street shops by online
retailers in recent years. Not only is the growth in retail overall expected to be flat
in 2013-14, according to the Centre for Retail Research (CRR), but 2012 proved to
be the worst year for bankruptcies since the start of the recession in 2008. Yet for
many retailers ‘online seems to be an afterthought’.
Table 4:
Do you assess the impact that technological change is or might be having on
your business? (Industry)
Industry
Yes
No/Don’t know
IT services
88%
12%
Manufacturing
74%
26%
Media, marketing or entertainment
73%
27%
Professional or financial services
73%
27%
Building & construction services
63%
37%
Other consumer or business services
62%
38%
Retailing and distribution
55%
45%
Property management & rental
46%
54%
Other
55%
45%
Source: The Economist Intelligence Unit.
Retailers also appear to underappreciate the potential scale of threat that
the emerging technology landscape poses for their day-to-day and business
performance. For instance, only 17% view data loss as a ‘major threat’ and, even
lower, 10% see social media reputational disaster as such. Given the increasing
reliance of retailers on ‘online reputation’ – for instance, online customer reviews
– to help generate future demand and business earnings, the latter reflects a
significant new area of vulnerability.
8
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
Opportunity versus threat: the perception gap
SMEs seem to fully embrace the upside of technology for their businesses, but are
they taking the right precautions when they adopt new technologies? Many are
underappreciating the potential business impact that many technologies may pose.
Technology only has an upside in the eyes of SMEs
Emerging technologies are evolving rapidly, creating huge opportunities for SMEs
that are both accessible and, as we saw in part one, necessary to remain competitive
according to experts. The broad perception among SMEs is that technology brings almost
exclusively positive opportunities to their businesses. At most, just 6% of respondents see
technology trends having a negative impact.
Online shopping is the one exception, and the retail industry is struggling with the
technological challenge it faces (see box).
Table 5:
What impact do you think the following technological trends are having on your business?
Significant
negative
impact
Some
negative
impact
No
impact
Not
applicable
Some
positive
impact
Significant
positive
impact
Increased use of mobile
technology
0.4 %
4.7 %
29.7 %
10.0 %
40.8 %
14.4 %
Increased use of
personal devices
0.5 %
3.8 %
31.7 %
11.7 %
39.3 %
12.9 %
Growth of web-based
software or IT services
0.4 %
4.4 %
39.3 %
10.9 %
31.0 %
14.0 %
Increased analysis/use of
customer data
1.5 %
3.6 %
39.7 %
17.7 %
30.1 %
7.5 %
Growth of social media
0.7 %
5.5 %
47.5 %
12.6 %
25.3 %
8.4 %
Growth of online
shopping/consumption
3.5 %
10.4 %
39.0 %
22.0 %
17.9 %
7.3 %
Advances in
manufacturing technology
0.7 %
2.6 %
54.3 %
20.0 %
16.4 %
6.0 %
Source: The Economist Intelligence Unit.
Still surprising is the proportion of SMEs who view these technology-related trends –
such as mobile technology, personal devices and web-based software services – as
irrelevant to their businesses. But the numbers are also slightly skewed by the
significantly different perspectives among the ‘tech aware’ and ‘not tech aware’.
Opportunity in technology (positive impact) lies in the eyes of the ‘tech aware’.
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
9
Opportunity
versus threat:
the perception gap
Table 6:
What impact do you think the following technological trends are having on your business?
No Impact/
Not Applicable
(Some/Significant)
Positive Impact
Tech Aware
Not Tech Aware
Tech Aware
Not Tech Aware
Increased use of mobile technology
29%
62%
66%
34%
Increased use of personal devices
33%
63%
62%
33%
Growth of web-based software or IT services
40%
72%
55%
24%
Increased analysis/use of customer data
49%
76%
46%
19%
Growth of social media
53%
75%
41%
19%
Growth of online shopping/consumption
58%
68%
29%
17%
Advances in manufacturing technology
69%
85%
29%
10%
Source: The Economist Intelligence Unit.
Threat – a mix of healthy fear and underestimation?
Technology-related risks are seen on an entirely different scale. Over three-quarters
of UK SMEs, a huge number in comparison to those that see opportunities, see
long-standing risks associated with data loss, cyber attack and electronic theft or
fraud as threats. This implies that SMEs hold a healthy – if not overly fearful – view of
the potential threats that these long-standing technology-related risks pose. The risks
associated with emergent trends, however – such as cloud computing, Internet-based
services, social media and mobile workforces – are not seen to be as significant. While
over one-half of UK SMEs see these trends as some level of threat, worryingly less than
20% perceive them as a ‘major threat’. In the case of reputational disaster from social
media, only 13% of SMEs view this as a major risk. These statistics may indicate a lack
of understanding of the complexity and the potential scale of impact associated with
these emergent trends.
10
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
Opportunity
versus threat:
the perception gap
Mr Mills of the NCC also raises an interesting point about the distinction between these
risks. “Data protection is not just about IT. It’s been around for a long time, so yes there
is a lot of awareness, but its also looked at as a business-level risk, as well as at an IT
level; whereas mobile, cloud [and risks associated with other emergent trends] are still
often looked at only as technology risks [not business risks]”. Therefore, they do not
always hit the radar for SMEs at a strategic or business-wide level.
Table 7:
How would you rate the following types of technology-related risk in terms of the threat to your business?
Major threat
Some threat
No threat
Don’t know
Data loss (1)
34%
50%
15%
1%
Cyber attack (eg, virus or hacking) (2)
29%
52%
18%
2%
Electronic theft or fraud (6)
21%
54%
23%
3%
Failure of Internet-based service (such as
cloud computing) (4)
17%
40%
40%
4%
Social media reputational disaster (3)
13%
42%
40%
5%
Breach of regulations while trading/selling
online (eg, non-compliant distribution to
foreign countries via the web) (5)
10%
31%
51%
7%
IT exposure associated with teleworking/
mobile workforces (7)
8%
44%
40%
9%
Source: The Economist Intelligence Unit.
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
11
Data protection risks:
complex and interconnected
Protecting data in a world where systems are changing rapidly and information flows
freely introduces a whole set of complex challenges that SMEs are not fully grasping.
Data protection is a critical challenge for SMEs
SMEs seem to have a high degree of awareness of the data protection risks. Data loss,
cyber attacks and related electronic theft/fraud are the top three technology-related
risks for UK SMEs, and they are all contributors to the data protection risk.
However, there are still a huge number of UK SMEs that are not sufficiently aware of
the importance of data protection, despite the now inescapable interconnectivity of
technologies and technology risks. The survey found that between 16% and 25% of
respondents do not recognise data loss, cyber attack and electronic theft or fraud as
either a major or some threat to their business – equating to between 760,000 and
1.2m of the almost 4.8m SMEs in the UK. Some stark statistics should help to prompt
greater interest.
For example, Symantec has found an increasing level of cyber attacks directed at SMEs,
with the number of attacks doubling in less than a year. They estimate that 36% of all
attacks are targeted at SMEs. But according to Mr Epton, SMEs often do not consider
themselves to be of sufficient interest to cyber criminals, and because of this lack of
awareness they are even more vulnerable.
Unlike big enterprises, SMEs do not have the resources to recover from loss of customer
data records, such as credit card information, financial or personal information, Mr Epton
points out. And for SMEs, the Information Commissioner’s Office (ICO) cap of £500,000
for fines related to serious breaches of the Data Protection Act represents a crippling sum.
Interconnectivity in data protection
As businesses radically reform the way they communicate and share data – using cloud
computing, linking an exploding number of personal devices to business systems and
leveraging social media – they are exponentially increasing their exposure to external
threats (both viral and cyber attack). Emergent trends could significantly compound the
vulnerability points around data loss and cyber attack.
The vulnerability of SMEs also creates risks for their customers. SMEs often have lower
barriers to attack than large enterprises but, in many cases, they are connected to large
organisations as suppliers and service providers – potentially putting all businesses in
the chain, as well as their end-customers, at risk.
A multitude of major and very public PR (public relations) disasters linked to these risks have
brought home the catastrophic impact they can have. It would therefore be expected
that data protection risk awareness would be high among SMEs of all sectors, given that
their very survival is on the line. However, we see quite a range of views across sectors.
12
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
Data protection
risks: complex and
interconnected
IT services
Media, marketing or entertainment
Professional or financial services
Manufacturing
Building & construction services
Property management & rental
Other consumer or business services
Hotels, restaurants, cafes & pubs
Retailing and distribution
Motor trades and transportation
Table 8:
How would you rate the following types of technology-related risks in terms of the threat to your business?
Data loss (1)
47%
44%
43%
36%
32%
32%
29%
27%
17%
9%
Cyber attack
(eg, virus or hacking) (2)
49%
28%
31%
32%
25%
24%
28%
27%
17%
17%
Electronic theft or fraud (6)
33%
9%
22%
24%
25%
28%
22%
23%
10%
13%
Failure of Internet-based
service (such as cloud
computing) (4)
30%
26%
18%
16%
18%
20%
18%
0%
8%
0%
Social media reputational
disaster (3)
5%
13%
13%
10%
11%
16%
26%
9%
10%
9%
IT exposure associated
with teleworking/mobile
workforces (7)
19%
7%
8%
4%
14%
8%
6%
5%
7%
0%
Breach of regulations while
trading/selling online
(eg, non-compliant
distribution to foreign
countries via the web) (5)
12%
2%
10%
18%
11%
12%
10%
5%
8%
13%
Major threats
Source: The Economist Intelligence Unit.
Bandwidth and ‘data culture’ challenges for SMEs
Experts agree that many SMEs simply do not have the expertise or IT awareness to cover
all the technology bases (both opportunities and threats). A skills gap is a major challenge
faced by SMEs, and experts cannot stress enough the benefits that they feel trusted
advisers can provide to help these businesses to manage risks.
Getting staff up to speed is important. Human error is probably the largest data risk,
and while most SMEs are strengthening provisions for devices, back-up and virus
protection (72%), or at least considering this (19%), skills training and policies are taking
a back seat. Only 46% of SMEs have trained their staff and only 28% have reviewed
security policies, yet ensuring proper use of passwords and driving policies all the way
through the organisation are both critical to security.
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
13
Data protection
risks: complex and
interconnected
Consequently, despite the huge amount of resources some SMEs (particularly larger ones)
are putting into technology risk management, human error is still a major vulnerability
point. ‘Data culture’ – in an era of proliferating customer information, workforce mobility
and an ever-expanding number of networked devices – is perhaps emerging as the core
data protection challenge.
One key to risk management in this area, according to Mr Epton, is password policies,
and driving those policies all the way through the organisations. But no matter what
technology-based security SME owners put in place, employees must always have a clear
understanding and appreciation of data and technology risks, as well as the personal
governance and compliance requirements that reflect this.
Table 9:
What steps, if any, is your business taking to respond to technological risk?
Taken
Considering
Not considered
Don’t know
Strengthen protection against computer
viruses or hacking (eg, by keeping
software & anti-virus programmes
up-to-date & having a well
configured firewall)
72%
19%
6%
3%
Strengthen provision for devices &
data back-up
63%
24%
9%
4%
Restrict access to IT systems (eg, only
allow trusted users to access systems
& ensure strong passwords)
54%
18%
23%
6%
Train staff
46%
20%
26%
9%
Improve physical security around servers
& devices
42%
24%
28%
6%
Create &/or review our IT disaster
recovery plan
29%
30%
35%
6%
Create &/or review technology policies
(eg, personal devices policy)
28%
32%
32%
8%
Hire technology specialists
23%
20%
49%
8%
Take out technology risk insurance
12%
21%
60%
8%
Other (please specify)
10%
18%
32%
40%
Source: The Economist Intelligence Unit.
14
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
Emergent technology risks
SMEs are more focussed on the benefits of emerging technologies than their risks.
In this section we look at the top three emergent trends and the associated risk
perceptions among UK SMEs now and into the future.
Cloud risks – potentially under-appreciated and unknown
SMEs are more focussed on the benefits of cloud-based services than their risks;
compelled by the promise of flexibility, affordability and accessibility. Indeed, the
advantages of web-based software are so compelling that experts claim that it will
supplant the standalone desktop computer, and that ‘Software-as-a-Service’ (SaaS) 3
will be the new model for small business.
“A cloud-managed back-up, for example, can reduce the total cost of ownership by
up to 40%,” says Mr Porter. Larger SMEs now see the greatest potential benefit of
cloud computing as allowing for greater employee mobility and flexibility, according
to a recent survey by IBM Mid-Markets. Critically, the technical expertise of web-based
service providers often far exceeds what the SME has in-house or could afford.
But while web-based services are generally considered secure, they could also be
susceptible to browser exposure to malware, the increasing sophistication of
cyber-criminals and critical system failure (for instance, the failure of cloud services
or an associated delivery network). Yet only 17% of SMEs even recognise failure of
cloud services as a ‘major threat’ to their businesses.
Similarly low numbers (25%) of UK SMEs see the risks increasing in the years to come,
while one-half feel that cloud risks have now stabilised; a surprisingly large number.
Considering that the market is expected to grow at 20% per year and be worth £2bn
by 2015, risks in this arena may be significantly undervalued by UK SMEs.
The explosion of mobile working is opening SMEs to risk
Only a mere 8% of SMEs see IT exposure associated with teleworking/mobile workforces
as posing a major threat. This includes ‘bring your own device’ (BYOD), which, according
to Mr Epton, is more prevalent among SMEs and may have the most dramatic future
impact on the risk profile of SMEs. The interconnected risks linked to mobile computing
and teleworking can extend well beyond the work environment, as the personal and
professional use of devices increasingly merge.
In Mr Epton’s experience, part of the risk management challenge for SMEs is simply
prioritising. “Until someone experiences some kind of situation, it is not top of mind,
or a detriment to day-to-day business decisions,” he says.
On the flip side, while a more healthy proportion (44%) see this as at least some threat,
and almost one-third (30%) realise that this will be an increasing area of risk to their
business in years to come, these figures are still alarmingly low overall.
Against the fast-paced mobile backdrop, the explosion of a mobile-enabled marketplace
and the dramatic adoption curve of devices, better appreciating and managing the risks
will be vital.
SaaS (Software-as-a-Service), IaaS (Infrastructure-as-a-service) and PaaS (Platforms-as-a-Service).
3
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
15
Emergent
technology risks
SMEs underestimating social media risk
SMEs struggle to quantify reputational risk, but in today’s more unforgiving environment,
customer confidence is business critical. Research by Symantec shows that 63% of SMEs
use social networks, but only 13% of EIU survey respondents feel that this poses a major
threat to their business.
The World Economic Forum is an
independent international organization
committed to improving the state of the
world by engaging business, political,
academic and other leaders of society
to shape global, regional and industry
agendas. Its Global Risks Report
analyses 50 global risks in terms of
impact, likelihood and interconnections.
SMEs seem to be undervaluing the nature and complexity of this emerging risk.
A single case of disparaging commentary on social media platforms can have a powerful
amplifying effect, with real long-term financial business implications. The spread of
digital misinformation owing to hyperconnectivity – called ‘digital wildfires’ 3 – has been
cited as a critical emerging risk by the World Economic Forum.
But social media also exacerbates other technology-based vulnerabilities, such as cyber
attack. Cyber criminals can extract many separate bits of information from social media
platforms and piece these together to attack SMEs.
Less than one-half (46%) of SMEs see social media risks as increasing in the years to
come – a proportion more aligned with expectations than that seen with cloud and
mobile trends.
Table 10:
Do you think the following types of technology-related risks are increasing,
decreasing or stable?
Increasing
Stable
Decreasing
Don’t know
Cyber attack (eg, virus or hacking)
59%
28%
7%
7%
Electronic theft or fraud
54%
32%
7%
8%
Social media reputational disaster
46%
35%
5%
14%
Data loss
35%
45%
11%
9%
IT exposure associated with
teleworking/mobile workforces
30%
43%
5%
22%
Failure of Internet-based service
(such as cloud computing)
25%
50%
5%
20%
Breach of regulations while
trading/selling online
(eg, non-compliant distribution
to foreign countries via the web)
25%
48%
5%
22%
Source: The Economist Intelligence Unit.
16
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
Connecting the dots on technology risks
SMEs are not sufficiently connecting the dots with respect to technology risk.
Technological vulnerabilities are amplified by interconnectivity. And although more than
one-half of SMEs believe that cyber attack and electronic theft/fraud are increasing
(59% and 54%, respectively), it is alarming that only 35% of SMEs believe that data
loss – intimately connected to cyber attack and electronic theft – is an increasing threat
in the years to come.
The relationship between an expanding range of connected devices and workforce
mobility is also not being fully connected to threats such as data loss. With regard to
data governance, workforce behaviour (data culture) is one of the most challenging
areas to address, yet less than one-half (46%) of SMEs are training staff and less than
one-third (30%) see IT exposure associated with teleworking or mobile workforces as
increasing going forward.
Too many SMEs also are not fully considering the potential risks and opportunities
in a technology-driven world. While many may be aware that today’s emerging SME
leaders grew up in a technology-enabled environment and that foreign firms are
reaching UK markets through the Internet, their appreciation of the potential risks
this poses to traditional SME business models falls short.
Small businesses also need to connect the dots between their IT security strategies
– opting for anti-virus software or back-up and recovery plans – and link technology
risk management to their overall business model and initiatives.
Too many see the future of technology trends and risks to be more stable than the
rapidly-evolving landscape that the experts believe it is and will continue to be.
All SMEs, especially those revealed by the survey to be rather not tech aware, need
to re-evaluate quickly the possible risks – and opportunities – that technology presents,
in order to become more resilient in the face of this shifting landscape.
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
17
18
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
An expanding network of risk and opportunity:
How UK SMEs are under-estimating the growing complexity of technology
19
135559A02 (04/
4 13) ZCA
4/
Zurich Insurance plc is authorised by the Central Bank of Ireland and subject to limited regulation
by the Financial Conduct Authority. Details about the extent of our regulation by the Financial
Conduct Authority are available from us on request, FCA registration number 203093. These details
can be checked on the FCA’s register by visiting their website www.fca.org.uk or by contacting
them on 0845 606 1234.
