The researchers analysed the information security systems and expenditure breakdown of 803 SMEs operating in Italy last year.
Alessandro Piva, director of the research observatory says:
Cybercrime has grown dramatically over the past months, alongside a continued rise in ransomware, where hackers demand payment of a ransom to release data, and attacks on products linked to the Internet of Things.
Yet despite this, SMEs are not taking the threat seriously, with only 9% running training courses or merely emailing information to their employees. Although 93% of SMEs report that they allocated a security budget for 2016, this does not necessarily mean that it was spent in a well-informed manner. In fact, the top reported reason for security expenditure was to comply with legislation (48%).
Companies are struggling to look beyond the short-term and are failing to create robust, future-focused cyber security plans.
Piva says:
The need for a long-term approach to how information and privacy are managed and the organisations data is kept confidential should be a top concern of a companys upper management.
It seems that smaller organisations dont anticipate that they will be targeted as victims of cybercrime in the same way as, say, Yahoo in 2013, where a hack left over one billion users information publicly available. Yet without a contingency plan or any preventative measures, these companies are leaving themselves wide-open for potentially devastating cyber-attacks.