SMEs: Treat cybersecurity like health & safety
By Clare Fleming, IIRSM
In order to achieve a best practice approach, health and safety consultants must keep extensive, detailed records, including personal details, accident records and the business processes of the people and companies they are working with. As with any business, it is essential that this data is held securely and that the health and safety consultants collecting it implement an effective cyber security plan that doesn’t leave them vulnerable to attacks on their data, protecting their small businesses and their clients alike.
Cyber Security – What’s Changing?
From May 2018 the new EU Data Protection Regulation (GDPR) comes into force and all businesses will be required to demonstrate greater accountability and planning for their cyber security processes. A significant change as a result of the Regulation is that larger fines, dependent on turnover and the type of failing involved, will be incurred by businesses that breach the regulations.
The IIRSM has developed a Practical Guide in conjunction with Zurich that offers SME owners and their employees the support they need to feel better able to protect themselves and their business and ensure they are not overwhelmed. It is an easy-to-use, detailed handbook on the key steps to take when putting a cyber attack prevention plan in place. From assessing the risk to your business and the types of data you hold, through to the practical measures you need to take to establish your plans effectively, the Guide offers step-by-step advice on perfecting a layered approach to cyber security.
How does this impact me?
74% of small businesses in the UK reported a security breach in the past year alone, and they are regarded as particularly lucrative to attackers, as attacks on them can be quick and achieve the highest return for minimum effort. The worst security breaches can cost SMEs between £75,000 and £310,000, and it is essential that reliable information is made widely available to SME business owners on how and why to implement data security measures that comply with the GDPR.
Collectively, these SMEs make up 99% of the UK’s 5.4 million businesses. With such a large stake in the market, it is vital that SMEs protect themselves accordingly from the threat of damaging cyber attacks by recognising the lessons to be learnt from health and safety approaches. UK SMEs can be equipped to proactively tackle cyber security with the same success in reducing prevalence rates as they have with health and safety.
To download the IIRSM Practical Guide or to find out further information on cyber security from the APMG International whitepaper, ‘Managing Cyber Risk’, please visit http://www.iirsm.org/cyber-security
 House of Commons Briefing Paper, Number 06152, 7 December 2015