Many small and medium-sized businesses in the UK would rather risk customer data than their own growth, despite a cybersecurity incident posing a significant threat.

In a new report from cybersecurity specialists Defense.com, cost, along with confirmation bias, was found to play a major role in cybersecurity decision-making.

According to the report, nearly a quarter (24%) of SMEs spend nothing on cybersecurity, and an additional quarter spend less than $ 1,300 per year.

The main reason they decide not to prioritize investing in cybersecurity defenses is confirmation bias: a third (34%) think they are too small to target, and a fifth (19 %) think their business data is not interesting. target of criminals.

The second main reason is the cost: For 25% of small businesses, it is just too expensive to put together a solid cybersecurity solution.

Pandemic a weak motivator

Even the pandemic, in which the number of companies falling victim to a data breach has grown exponentially, has not proven the need to invest, for many SMEs. More than a third (35%) believe that the pandemic has increased their exposure to cyber risk, but 40% have not been encouraged to invest more.

The pandemic has forced companies to decentralize the workforce and send their employees to work from home. Many of these employees were first thrown into a remote work environment, struggling to find their way. Cybercriminals took advantage of this, targeting dazed and confused teleworkers with unprecedented effort.

In fact, a recent report from Canalys indicated that there were more files hacked in 2020 than the previous 15 years combined.

The pandemic has driven many companies into bankruptcy, while others have ensured their survival only by implementing strict measures, which typically involved cutting the cybersecurity budget, according to the report. This exposed companies to attacks from organized threat actors as well as opportunistic hackers.