A new survey of 607 of the UK’s business decision makers by Barracuda Networks and Small Business Advice Week has revealed that whilst many UK small and medium sized businesses clearly understand and recognise the value of cyber security, the majority of them are still significantly underprepared for the new European Union General Data Protection Regulations (GDPR) that will come into force on May 25 2018.

The vast majority of those businesses leaders that responded to the survey said that the revenue and capability of their business would be impacted significantly should it become the victim of a cyber attack that caused its systems to go offline. With over 50 of these saying that this significant impact would happen within a week of their systems being offline, it is clear that UK organisations to recognise and appreciate the effect such a cyber attack can have.

However, despite this recognition of the operation of cyber security, 30% of those responding to the survey do not have a cyber attack plan or do not know if they have one. 5% of respondents do not see the need for a cyber attack plan at all, signalling that more education may be needed across the business world in the UK about the potential damage cyber attacks can cause. This could be down to the fact that often decisions are made by non-technical staff in companies who do not understand the impact and other nuances of cyber attacks. The survey revealed that only 35% of companies have their IT manager or IT department make security decisions. The remainer of decisions were made by the managing director (27%, board member (22%) or there is a lack of any clear IT decision maker (9%).

Chris Ross, senior sales VP, international, at Barracuda Networks said: “SMBs often mistakenly believe they aren’t the ‘real’ targets of cybercriminals, and that attackers would rather focus their efforts on enterprises.

“However, often criminals prey on small businesses, assuming they have less cyber security resource to leverage.

“From May 2018, not only will data breaches undermine your company’s trust – and lots of smaller businesses out there depend heavily upon customer loyalty – but they can also very easily impact your bottom line.

“Increased fines or failing to comply with the GDPR may well leave a sizable dent in your organisations. Managing the aftermath of a cyber-attack has now in many cases become more expensive than proactively preventing it from happening in the first place.”

The fines in question under GDPR are much higher than are currently being levied by any European Union country. For severe breaches, fines can be levied up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater. For other breaches, the authorities could impose fines on co