SMEs should take cyber security more seriously, shows survey

A new KPMG survey says that SMEs could be frozen out of the procurement process if they do not take cyber security more seriously.

According to the study, looking after valuable client data should be a higher priority for firms, and some risk being disqualified from bidding for work.

Multi-sector survey

The survey of 175 procurement managers by the Big 4 firm covered multiple sectors and included organisations with more than 250 employees.

The findings revealed that 70% of those that took part in the survey thought SMEs should be doing more to help prevent cyber attacks and protect client data.

A notable majority (86%) said they would consider cutting ties with an SME supplier who had been hacked, whilst 94% stated that cyber security standards are an important factor in deciding which SMEs to award contracts to.

Increased emphasis

Partner in KPMG's cyber security practice, George Quigley, said: "Cyber security is not just a technical issue anymore, it has become a business critical issue for the UK's SMEs."

"Larger companies are placing an increased emphasis on the cyber security of their suppliers and increasingly the onus is on SMEs to show that they are tackling this issue head on," he added.

Two-thirds of procurement managers already want suppliers to demonstrate cyber accreditations such as ISO27001, Cyber Essentials, IASME certifications or PCI DDS.

"Unfortunately many SME still take a blasé approach towards cyber security and mistakenly don't see themselves as targets of cyber criminals. Unless these organisations take a more mature approach towards cyber security now, they face the risk of being frozen out of lucrative supplier contracts," Quigley warned.