AS MANY AS 78% of small businesses are “critically underprepared” for cyber threats with doctors surgeries and other community medical businesses at the greatest risk, a new report has found. 

The study, compiled by the Digital Resilience for SMEs Research Team at Munster Technological University, worked with Ireland’s National Cyber Security Centre to find the data.

The researchers carried out one of the largest cyber resilience assessments ever in Ireland, based on data from 894 enterprises across 11 sectors.

The findings indicate that 78% of SMEs fall into the “Low” or “Very Low” cyber resilience
categories, while only 6% demonstrate a “High” or “Very High” level of preparedness for
cyber threats.

Micro-enterprises are particularly vulnerable, with 81% ranking in the lowest resilience tiers.

No sector in Ireland achieved a cyber resilience score above 6 out of 10, signalling widespread vulnerabilities across the economy.

The healthcare sector ranks lowest at 3.3 out of 10 despite being one of the most heavily targeted and regulated industries globally.

Dr Hazel Murray, of MTU, said that the risks are clear and especially given that small and medium enterprises make up the majority of Ireland’s economy. 

Murray found that the businesses lack basic mitigations such as file backups and also do not have a plan of where to go when a problem is identified. 

“The biggest problem right now is attackers are targeting smaller companies in order to get at the bigger companies.

“If you are providing a product or a service to a large multinational instead of the attackers attacking the large multinational, it’s much easier for them to attack the small companies, which often have access to the systems.

“That’s what we saw in the Marks and Spencers attack for example – they were not targeted directly, it was against a smaller IT provider.

“Once the reputation of the small business is damaged, it’s going to be hard for that small company to do business ever again with any major organisations,” she said. 

Murray explained that the weakest sector, and the most at risk, was local healthcare providers such as general practitioners, pharmacies and counsellors. 

“We did a comparison by sector about what their cyber resilience score was, and healthcare was significantly weaker.

“If you think about that, these are small businesses – that’s the local GP, that’s the local counsellor, that’s the local pharmacy.

“If they leak data, the impact that has on their communities is significant and even from a personal point of view, when you’re looking at small businesses, the reputational impact is quite substantial,” she added. 

Murray said that the key issue for all businesses, including small companies such as hairdressers and takeaways, is that their ordering systems are now digitised with many running apps and appointments through website links.

The academic said the key solutions for these businesses is to follow three steps to secure their business. 

She has advised the business people to first get a USB key and to move their sensitive files on to this device. This could include customer data, supplier details – by using a USB it puts the files in a safe location.

She said this solution also protects against incidents outside of the cyber threat – for instance floods and damaged computers. 

“That would be the number one thing I would say for people to do immediately,” she added. 

“The top three things you can do to protect your business is to make sure you have data backups, ensure there’s multi factor authentication on your critical assets or your critical systems, and have a plan in place so that if you do suffer an incident, you know what to do.”