Small businesses in Essex to learn critical lessons on cyber security

Managers of small to medium size enterprises (SMEs) in Essex are invited to attend an event where they can learn how to prevent their companies from facing a cyber-attack.

The event, called Digitalisation and Cybersecurity in SMEs: Best Practices for Managers, which will be held at the University of Essex’s Southend Campus, will be delivered by leading digitalisation and cyber security experts.

Dr Marta F. Arroyabe, a senior lecturer at Essex Business School, who is leading the workshop, said: “In today’s rapidly evolving digital landscape, safeguarding a business against cyber incidents has become paramount, and this workshop aims to provide businesses with the necessary understanding and basic tools to navigate this critical aspect effectively”.

According to the Cyber Security Breaches Survey 2023 carried out by the Government, 32% of micro and small businesses, and 59% of medium sized businesses have identified breaches or attacks in the last 12 months.

To help combat this problem, Dr Arroyabe and team have been working on a large-scale project, the UKRI Digital Security by Design (DSbD) programme, funded by the ESRC.

The project has two ultimate aims. Firstly, to explain the relationship between cyber security and digital adoption of technologies in SMEs, and secondly, to provide the best cyber security practices for SMEs that will enable them to have a successful digital transition.

As part of the project, they carried out a study called ‘The impact of cyber security on the adoption of new digital technologies in UK’s SMEs’. Based on a sample of more than 1,400 small to medium sized enterprises, the results found that SMEs are subject to a wide variety of attacks, and that managers of these enterprises have little knowledge about cybersecurity. The workshop is based on the findings from this project.

“We highlight the need to involve SME managers in decisions to invest in cybersecurity systems and cyber insurance, stressing the problems that this may entail for the company, not only in terms of cost and denial of services but also in responsibilities with its stakeholders and loss of corporate reputation,” Dr Arroyabe said.

Their results showed that the most commonly identified type of cyber incident is staff receiving a fraudulent email or being directed to fraudulent sites (36.5%), followed by people impersonating their organisation via emails or online (17.7%), and computers infected with other viruses, spyware, or malware (17.4%).

“As we can see, the results point out that the main attacks have a social nature, and highlight the importance of this type of attack, which is based on a lack of procedures and a lack of knowledge of the company’s personnel of cybersecurity policies. We also see how malware attacks have their importance in SMEs, in line with previous works,” she added.

The workshop and networking event on digitalisation and cyber security is on Thursday 28 September from 7.30am until 11am in The Forum at Southend-on-Sea. Registration is free and breakfast and light refreshments are included.