Budgeting for SMEs – why you should put cybersecurity first


Most of us hate budgeting. Sure, we all know an accountant who lives their life by the iron law of the spreadsheet. But, for most people, budgeting is just a tiresome task that’s necessary for the nitty-gritty of daily life. 

The same thing applies to running a small business. While we might not enjoy it, maintaining a sensible budget is often the difference between running a successful SME and joining the 60% who fail in their first five years

But while we’re all aware of the need for balanced books, there’s one aspect of budgeting that doesn’t often figure highly in SMEs’ plans. Cybersecurity. Here’s why your defences against cyber threats should be as important to your budget as OPEX or CAPEX. 

Budgeting for a changing world 

Change is part of a business. And every business, big or small, exists in a state of flux. When you think about it, it’s simply the natural order of things. Many of the technologies and business functions that are now crucial to modern organisations were niche concerns as recently as twenty years ago. Likewise, many things that were once considered indispensable are now close to obsolete. 

A great example of this is printing. Pre-internet, written communication between branches or with customers and suppliers was costly and time-consuming. Essentially, businesses were given a choice of print and fax or print and post – and this was seen as a totally necessary expense. 

Fast forward 30 years and few businesses print much beyond contracts and brochures. Printing is rightly seen as wasteful, environmentally destructive and unnecessary.  

Yet, while businesses have been quick to discard old methods, they’ve been slow to start thinking about cybersecurity in the same way as more traditional expenses.

Why don’t we include cybersecurity in our budgeting? 

So why don’t many of us take cybersecurity as seriously as we should? It can’t be that the risks aren’t high enough.  A 2019 study revealed that over 50,000 UK SMEs would collapse if hit by a cyberattack. And, 1.4 million businesses were hit by major attacks last year, costing them a combined £8.8bn.

Nor is our apathy towards cybersecurity necessarily down to cost. According to Offix, the average business spends £579 per person, per month on printing expenses. Yes, you read that right. Printing; the process we just described as almost obsolete. 

1.4 million businesses were hit by major attacks last year, costing them a combined £8.8bn.

If we take the average SME with a staff of ten employees and multiply that figure by a 12, that’s £5,790 per person, per year. For a business of the same size to invest in Cyber Essentials Plus certification and the CyberSmart platform for one year the cost is £3397.

Not only is that a saving of £2,393, it would also provide complete peace of mind that the business was protected from 98.5% of cyber threats. 

So if neglecting cybersecurity isn’t a value-based decision, what’s driving it?

Why do we view cybersecurity differently?

It’s actually very simple. Although the need for good cyber hygiene becomes more pressing every day, our perceptions of cybersecurity lag behind. Many SMEs view cybersecurity as complex, confusing and expensive. Something better left to big companies with big budgets. 

It’s not difficult to understand why people feel this way. There’s long been a ‘cyber privilege gap’ between large enterprises who can afford teams of experts, expensive consultants and the latest tech and everyone else. But, SMEs can no longer afford to invest the minimum and pray they don’t get attacked. 

Attacks against SMEs are on the rise. And it’s being compounded by COVID-19. VMWare’s recent report reveals 91% of businesses have seen an increase in cyber attacks as a result of employees working from home.

What can you do to better protect your business? 

Despite the perception proper protection is out of reach for many SMEs, it doesn’t have to be. 

CyberSmart Active Protect is built for SMEs. It offers a simple, step-by-step journey to securing your business – with no need for cyber expertise or extra expense. We’ll assess how you’re currently doing with a free cybersecurity healthcheck. Then, once we know where you’re at, we’ll guide you all the way through to achieving security you and your customers can rely on. 

In short, CyberSmart enables your business to: 

  • Protect itself 24/7 with regular checks of all company devices
  • Ensure your people and anyone accessing your data is working safely and cyber aware, with shareable security policies and protected devices – whether company or employee-owned
  • Prove to customers and suppliers you’re cyber secure by completing government-standard cybersecurity certifications

In our troubled times, SMEs face a fight against the odds to stay afloat. It’s estimated as many as 600,000 could shutter their doors for good in 2020. But surviving doesn’t have to mean spending big. Instead, it’s about spending smart. And that starts with cybersecurity.

Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in Cyber Essentials, the UK government scheme that covers all the fundamentals of cyber hygiene.

CTA button