The severity and frequency of cyber security breaches is continuing to increase and it is starting to feel like no more than a few weeks pass before another high profile case is reported in the media. It is understandably a topic that is high on the agenda of many CxOs. In particular, we see that large government departments and big private organisations, where the potential impact of a breach can be huge, are acutely aware of this issue. Many invest heavily in defending themselves and use the very latest technology to achieve a high level of protection. And this is the market that we see most cyber security firms targeting, which is logical – it’s where the money is.
However, when you look at the UK as a whole, large government departments and big business only make up part of the economy. In fact, SMEs make up about half of private sector turnover. Many of these SMEs are providing critical services and infrastructure. And this is where we see a cyber security blind spot in the UK. Because whilst cyber security firms are mostly targeting big government and big business, and developing complex solutions that can work well in those contexts, a significant part of the economy is being left behind. In our experience, the approaches that can work well for larger organisations, are just too complex and costly for a typical SME.
At Naimuri, our mission is to help SMEs get on top of cyber security. We recognise that there are certain SMEs who understand the threats well and are already implementing appropriate solutions to proactively defend themselves. But in cyber security terms these companies are the “early adopters” in the adoption lifecycle and represent a small fraction of the total population. We want to help cyber security cross the chasm and become mainstream amongst SMEs. But how do we hope to achieve this?
Firstly, rather than trying to impress clients with technical terms and archaic jargon, we are explaining cyber security using business language that is meaningful to business owners. We aim to help them understand the vulnerabilities they have and how these could have an impact on their business.
Secondly, we are applying our company ethos to productionise and automate cyber security in order to bring down the cost and timescales, making it more affordable. Most SMEs cannot budget for several days of an expert security consultant’s time, and with our approach they won’t need to.
Finally, we recognise that in cyber security the usual 80:20 rule applies, with 80% of the protection against threats coming from 20% of the investment. Our goal is to ensure that SMEs can effectively prioritise the actions they need to take in order to give them the best possible protection, as quickly as possible, with the resources they have.
We believe that by applying these principles we can help to eliminate the SME cyber security blind spot that exists in the UK, and make it a safer place to do business.