Employees now major technology risk for SMEs as broadband revolution gathers pace
A major new report from NIG outlines the emerging risks that UK SMEs are facing due to their growing dependence on broadband internet and related technology.
Key points:
-
One third of SMEs have no specialist IT support or no support at all
-
A quarter of SMEs are using consumer-level broadband services rather than business services
-
75% of SMEs have no disaster recovery plan for their data; most have never tested their ability to rebuild their system from a back-up
-
Insurers remain unable to provide cover for risks created by SMEs' own staff
-
Connecting to the future report explains how a huge pool of SME IT risk remains uninsured
-
A solution for SME IT risk needs to be found urgently
The UK's broadband explosion is having a major impact on the country's SMEs but large numbers are failing to manage the risks this new reliance on technology creates - particularly with regard to the behaviour of their own staff.
According to a new study by leading SME insurer NIG, over two thirds of SMEs are now using broadband and over half would find loss of the service disruptive to their business.
But the report raises concerns over many SMEs' ability to manage their IT systems and their growing dependence on technology. While insurance can be bought to protect against some of the risks they face, the biggest threat to SMEs' systems - the behaviour of their own staff - remains uninsurable at present.
Examining SMEs' management of their systems, the NIG study concludes that SMEs are using more IT hardware but spend very little on security. A third lack IT support and three quarters have no disaster recovery plan for their data.
A quarter of broadband-using SMEs pay for cheaper consumer-level broadband packages rather than more robust and higher priced business packages that would provide greater protection.
The report paints a detailed picture of how SMEs are harnessing technology but also focuses on the insurance needs of SMEs and the types of insurance products available. According to the report's authors, a clear gap has developed: specifically, risks related to the performance and behaviour of staff fall outside the scope of most existing policies but are revealed to be major problems for SMEs - for example, a member of staff downloading unauthorised software that contains a damaging virus. This creates a significant pool of risk that the SME community must bear currently.
The study predicts that the creation of monitoring software an insurer can download onto a policyholder’s computers and servers will be a pivotal in the development of more comprehensive insurance cover for SMEs' IT systems and data.
The NIG report, Connecting to the future, argues that business, Government and insurers need to play a more active role in rising to the challenge of insuring SMEs' digital and physical IT assets and liabilities, but warns that many SMEs must raise their standards of support and control in order to render their IT systems insurable.
Connecting to the future was written by NIG in conjunction with broadband internet consultancy Point Topic. Commenting on the study, RBS Insurance Director of Commercial Steve Kingshott said:
We now have a large pool of small business risks related to technology that is not fully insurable under most SME insurance products. While physical assets can be protected relatively easily, risks related to the way in which a business manages its system and what its staff do to it are not. That poses a problem for small businesses and presents a challenge to insurers.
"Small businesses are becoming increasingly dependant on IT and data but are also vulnerable to it. Insurance products needs to be developed that not only deal with physical assets such as PCs and servers, but on how staff treat - and possibly mistreat - those assets.
"The insurance industry has to find ways of bridging the gap between where we are today and where we need to be. Small businesses need affordable protection against threats to their IT and data. We hope this report is a first step on the road to developing that cover."
The NIG report concludes that standards of IT management and support within SMEs need to reach consistent levels before insurance products designed to provide comprehensive cover can be made available. Currently the ability of underwriters to insure data and business interruption risk is more limited because so many problems can result from an SME's inability to manage its own system.
For a copy of the full report, please contact FWD on 020 7623 2368.
Back to Press Releases >> |
