Over one in five UK SMEs (21%) are worried that their business will not survive the current economic uncertainty or expect to make a significant business pivot to survive. This is according to a survey of a thousand SME senior leaders and decision-makers across the UK, commissioned by CyberSmart, the provider of accessible automated cybersecurity technology for small and medium-sized enterprises (SMEs). Censuswide conducted the survey. 

The UK government estimates that the country is home to at least 5.5 million SMEs. Extrapolating the findings means that 1.155 million businesses are potentially in a precarious position and risk collapse.

The survey also revealed that some SME senior leaders would go to great lengths to ensure the business's survival, from engaging in cybercriminal activity and committing accounting fraud to neglecting compliance requirements.

According to the survey, some activities SME senior leaders would consider engaging in include tax evasion and accounting fraud. 

“15% would commit accounting fraud and lie to bankers/investors to secure funding, or commit tax fraud/evasion (potentially equivalent to 825,000 SMEs). 14% would cut employee salaries and/or benefits (potentially equivalent to 770,000 SMEs). 11% would leverage proprietary information from partners/clients such as selling off the data (potentially equivalent to 605,000 SMEs). 11% would neglect compliance requirements due to the additional costs they incur (potentially equivalent to 605,000 SMEs). 10% would engage in cybercriminal activity such as hitting a rival company with a cyberattack (potentially equivalent to 550,000 SMEs). 9% would mortgage their house (potentially equivalent to 495,000 SMEs),” says the report.

Additionally, a third of SMEs have decreased cybersecurity spending since the economic uncertainty or admitted to never really investing in it. As many as 42% of SME senior leaders do not believe it is worth investing in cybersecurity, with over 1 in 5 (21%) believing they are not a target. A further 16% claim it is not worth it because they have cyber insurance, and 10% assert it is not a priority. Only 25% realised it was worth investing in cybersecurity because they could not afford to be breached.

“As a business owner myself, I can understand the pressure many SME decision-makers are currently facing to keep their companies running and ensure their employees are taken care of, all while budgets tighten. It is during these times that emotions run high, and people might make irrational decisions that go against their own, and their company’s best interest,” says Jamie Akhtar, chief executive officer and co-founder of CyberSmart. “It goes without saying that we would never condone criminal behaviour. Moreover, we would strongly recommend that businesses do invest in cybersecurity and compliance.”

“The business ecosystem has become highly intertwined, so no business is immune from cyberattacks. In fact, SMEs could prove to be an easy entry point for cybercriminals looking to hit others within their supply chain, if they have weak cybersecurity postures,” continues Akhtar.

“While cyber insurance is important for risk transfer, it should not be relied on either. A comprehensive and continuous cybersecurity and compliance strategy is needed to avoid the financial, reputational and even, physical repercussions of a breach. Fortunately, there are solutions today that can help in doing so, without breaking the bank.”