According to a CareersinAudit.com survey, nine in ten SMEs are vulnerable to cyber attacks and other IT threats.
Data leakage, which includes loss of customer and business data, data access and harm to data, is the greatest IT risk for SMEs (38%), followed by cyber attacks (21%) and not being compliant to regulation (17%).
The 304 IT and financial auditors surveyed said the main reason why SMEs are at such risk is because business owners do not put IT investment as a top priority.
The report added that business owners' lack of understanding about the risks and technical knowledge of protection mechanisms is fuelling the situation.
Nearly half (47%) of the respondents said most SMEs and start-ups do not have a disaster recovery plan.
Moreover, many IT and financial auditors believe that industry bodies and regulators are not doing enough to raise awareness about the different IT risks and feel the government should be doing more to help SMEs and start-ups.
The recruitment website urged the government to provide grants and interest free loans for small businesses to fund their IT security.
It also recommended making cyber attacks a serious criminal offence and suggested introducing penalties and fines for leaked data, as well as providing free seminars and courses to raise awareness about the risks.
Additionally, the government should also provide regular updates on technology options, the report said.
Simon Wright, operations director at CareersinAudit.com, said, “It is clear from our latest research that many businesses are leaving themselves hugely exposed by having weak risk management systems and in some cases none in place at all.
“It’s time more businesses took greater responsibility to mitigate against IT risk alongside regulators and government helping with potential educational and training initiatives and providing possible funding assistance for start-ups and small businesses.”
Bobby Lane, a partner at accountancy firm SSH, also said that most SMEs do not understand the risks to their businesses and how catastrophic a cyber attack could be. Lane urged businesses to take greater responsibility to mitigate against IT risk.
SMEs underestimate risks of cyber attacks
EU cyber security directive has August implementation date
Board members aren't prepared for a crisis
Lux-leaks scandal: Documents found due to security glitch, court hears