Skip to content

New research from the Scottish Business Resilience Centre has found that 38% of Scottish businesses do not feel prepared for a cyber attack[1].

This comes despite two-thirds (66%) of those surveyed believing that cyber security has become more important[2] for their business over the past year.

The findings come one year after the National Cyber Security Centre (NCSC) relaunched Cyber Essentials, a government-backed scheme to help organisations become better protected against cyber attacks, with leading cyber security specialists IASME Consortium as its partner.

Businesses which become Cyber Essentials-certified can prevent or limit the fallout from up to 80% of common cyber attacks, increasing trust among their customers.

More than 250 Scottish businesses were surveyed as part of the SBRC commissioned research; 78% were aware of Cyber Essentials – but only over half (54%) were aware of the benefits it can bring to an organisation.

Participation in the scheme can also impact business opportunities; some UK government contracts now require the certification and other organisations may prefer to work with certified companies.  As a result, 37% of businesses whose company is not Cyber Essentials or Cyber Essentials Plus certified believed that they have lost out on business as a result.

Jude McCorry, CEO of the SBRC, said: “We’ve seen the number of cyber attacks rise over the past year, and a change in the type of attack as cyber criminals seek to take advantage of our increased reliance on technology while working remotely. It’s not a case of ‘if’ your systems will be attacked, but ‘when’ so it’s vital that business owners go on the offensive and prepare themselves – particularly as the majority of attacks are basic in nature and can be prevented. Learning that so many businesses aren’t confident in how they can prevent attacks is cause for concern.

“Cyber Essentials is a simple way for business owners to become more aware of their cyber processes and accreditation demonstrates to their customers and suppliers that they take their cyber resilience seriously.  It’s clear from the survey that many aren’t aware of the scheme, so we’d like to take this opportunity to encourage people to look into it. Improving your cyber defences could mean the difference between your company surviving a cyber attack or losing all your systems and data.”

Emma Philpott MBE, CEO of IASME, said: “We are pleased to be able to work in close partnership with the SBRC and support their activity with spreading awareness of cyber activity throughout Scotland. By offering crucial support and advice to Scottish businesses, they are making the UK a safer place to do business.”

More information about Cyber Essentials is available on our website, here.

Findings in this release refer to an April 2021 survey of 251 business professionals in micro to SMEs (1-249 employees) in Scotland by Censuswide. Respondents included business owners, chief executives, and people who work in IT.

[1] ‘Very unprepared,’ ‘somewhat unprepared,’ ‘neither prepared nor unprepared’ and ‘unsure’ responses combined.

[2] ‘Much more important’ and ‘Somewhat more important’ responses combined.