Companies in Scotland have demonstrated that they are aware of the risks of cybercrime, but that they are overwhelmed by the advice given on the subject. The result is that they are only taking minor steps to combat the threat such as anti-virus software and firewalls, but this is not enough. The survey has also shown that small businesses also believe that the data they have is not important.
This study is the first to look at why companies in Scotland are not taking the right data security steps. There are daily news stories about companies being the victims of data breaches. The research was carried out on behalf of the Scottish Business Resilience Centre (SBRC) and the Scottish Government by academics at the University of Glasgow.
The director of the SBRC, Many Haeburn-Little, has said that the survey has been essential in developing the information that companies need to protect themselves from data security breaches. She is concerned about companies not realising that the data they hold has a value.
The survey shows that around 95% of companies have security processes, but just 15% of companies considered that they might be at risk. Google is the first port of call for advice for half of all companies, but only 7% turn to a government website for information. With millions of pages of advice on the internet, companies that use a search engine can never be sure if they are reading the right advice.