Rising Above the Security Poverty Line
Duo played host to a lively media roundtable discussion earlier this week in London. The event was timed to coincide with the release of the findings of a Duo-sponsored YouGov Survey of 1009 UK small businesses about the “Security Poverty Line.” It was attended by a mix of experts, among them journalists, small business owners and a group of eminent panellists including our own Wendy Nather – who first coined the term ‘Security Poverty Line’ back in 2011 – as well as Professor Richard Benham, Chairman of the UK’s National Cyber Management Centre; Rob Shepherd, a white hat hacker; and moderator Paul Fisher of industry analysts PAC.
There was no shortage of interesting findings to ponder and debate, including the surprising revelation that just 5 percent of small businesses profess to have experienced a data breach in the last year – a figure significantly at odds with the 46 percent incidence of cyber breaches reported in the UK government’s Cyber Security Breaches Survey 2017 (PDF).
Speculation raged over whether respondents were reluctant to admit to a breach or whether they were simply unaware that they’d suffered one – particularly since 38 percent admitted to spending zero budget on cyber security defences. One point of view, put forward by one of the small business owners present, was that the lack of investment is completely understandable. He added, “When we see massive conglomerates falling victim to cyber-attacks, small businesses feel that if they can’t defend themselves then we have no chance!”
Professor Richard Benham, one of the architects of the government’s cyber awareness course, was the focus of many questions concerning the lack of awareness and/or perceived benefits of government initiatives in the UK like Cyber Essentials. Much discussion also surrounded the best way to tackle the issue of security poverty and whether the onus was on the state, the company or the security vendor to solve the problem. The Professor declared that the schemes were ‘better than nothing, but far from perfect.’
Other topics discussed at length included the need for more security vendors to step up to the mark and take responsibility for guaranteeing that their products do what they say on the box.
The central theme of the evening was the Security Poverty Line. Wendy Nather, Principal Security Strategist at Duo, was heartened to learn that there was widespread recognition amongst small businesses that escaping from the security poverty trap is about much more than just money. In fact, the survey found that the knowledge to combat cyber threats was a bigger issue than either money or employee awareness.
Another hotly debated topic was the surprising discovery that 44 percent of small business owners consider they aren’t a target for hackers. Panellists, journalists and small business owners had plenty to say about what needs to be done to address small businesses’ apparent lack of awareness of the dangers that cyber attacks pose to them. Some advocated the need for a mandatory tick list of cyber essentials, others suggested tax relief on cyber awareness training, and others felt that cyber insurance companies should play a key role in offering 24x7 call-out services to small businesses hit by attacks.
Overall, despite some excellent food, wine and stimulating debate, there were many interesting theories but no definitive answer to what everyone perceived as a multi-faceted and complex problem. Whether the stick or the carrot offers the best chance of success remains unresolved. However, all agreed on the importance of building greater awareness amongst small businesses of the dangers lurking on the internet and the fact that this debate will likely fuel many more media roundtables for many years to come.