Why cyber security failures could see SMEs frozen out of procurement
The UK’s small and medium-sized enterprises (SMEs) are putting themselves at risk of being frozen out of procurement opportunities due to their cyber security failures.
This is according to KPMG, which recently published a report looking at the IT security shortcomings of the nation’s small businesses.
What the report found
KPMG questioned 175 procurement managers from across the UK and found that 70 per cent believe SMEs should be doing more to protect their digital assets.
From taking action to prevent cyber attacks to making sure that sensitive customer data is properly protected, the majority of small firms were found to be failing when it came to keeping their IT systems safe from harm.
In addition, 86 per cent of survey respondents said they would remove an SME supplier from a contract if its computer system was hacked, because of the risks this could present to their own business. Overall, 94 per cent of procurement leaders believe that cyber security is of high importance when supplier contracts are being awarded.
Missing out on procurement opportunities
Procurement managers expect a certain standard of cyber security from their suppliers, as any hacks or issues will also reflect badly on themselves and could lead to long-term reputational and financial damage to their brand.
Many respondents said they want SME suppliers to be able to prove they are reputable in terms of cyber security, with 41 per cent expecting contractors to pay for their own accreditations and formally commit to improving their online security in the future to give them the greatest peace of mind.
What’s more, almost half (47 per cent) of procurement chiefs have policies in place that state small suppliers have to let them know if they have been hacked, or they could lose their contract.
George Quigley, a cyber security practice partner at KPMG, commented: “Cyber security is not just a technical issue anymore; it has become a business critical issue for the UK’s SMEs. Larger companies are placing an increased emphasis on the cyber security of their suppliers and increasingly the onus is on SMEs to show that they are tackling this issue head on.
“Unfortunately, many SMEs still take a blasé approach towards cyber security and mistakenly don’t see themselves as targets of cyber criminals. Unless these organisations take a more mature approach towards cyber security now, they face the risk of being frozen out of lucrative supplier contracts.”
Mr Quigley added that the focus on cyber security is only likely to increase even further in the coming months and years, meaning it is vital that SMEs take action as soon as possible to improve their cyber maturity levels.
Not only does failure to do so mean they could be missing out on procurement opportunities, it also means they will fall dramatically behind their security-savvy counterparts in terms of revenue, progress and making an impact on the market.
How SMEs can improve their cyber security
So, how can SMEs improve their IT security and their cyber maturity levels?
Simple steps such as choosing hard-to-guess passwords to protect accounts are no longer enough, which is why there has been such a steep rise in cyber security recruitment of late.
Expertise in the field is highly coveted, with IT and computing roles constantly coming out on top in terms of demand in the recent monthly Report on Jobs round-ups from KPMG and the Recruitment and Employment Confederation.
While this is good news for those with desired cyber security skills and knowledge, KPMG’s findings demonstrate that unless SMEs take action soon to up their game in this area, their futures could look very bleak indeed.