The Scottish public sector spends more than £11 billion a year buying goods, services and works but SMEs could miss out on a share of the lucrative market by failing to show that they take digital security seriously, a leading IT specialist has warned.
There is a growing demand within the public sector – such as central and local government, health and social care – for suppliers to have a demonstrable standard in cyber security, with the Scottish Government at the forefront of efforts to raise the bar on supply chain cyber security.
Austen Clark, managing director of Aberdeenshire-based Clark Integrated Technologies, said that businesses with public sector contracts – or those that hope to win work in future procurement processes – will need to show their commitment to cyber resilience by seeking a recognised accreditation.
And he warned that companies that fall short on having cyber security recognition do so at their peril. Mr Clark said: “As part of the tightening of supply chain cyber security, contractors that fail to meet minimum requirements can be ruled out of the bidding process.
“Being out of the procurement process means lost opportunities, and a loss in revenue streams which could have far-reaching implications for SMEs of all kinds, from building trades to hotels, taxi operators to cleaning contractors.
“The ability to evidence a defined knowledge, understanding and commitment to cyber security is not only being seen in the public sector, but is increasingly embedded in in the wider business landscape.
“This is not without reason. Setting standards on digital security is an effective way to minimise the impact of the rising tide of hack attacks. It’s essential to business resilience and more commercial operators are seeking similar safeguards from their suppliers.
“In a climate of increasing cyber threats, supply chains can be seen as an easy route to attack larger organisations. At its core, these measures are being put in place to raise awareness and enhance cyber resilience. It’s critical for SMEs to evidence that they have high regard for cyber and trade securely, regardless of size or sector.”
The average cost of a cyber attack on an individual SME is around £6500 but the damage can be far more than financial – it impacts on the reputation and can damage a brand, stopping its ability to win new business, or losing existing clients.
These crisis incidents cost the UK economy £8.8 billion, and are a growing concern for small businesses everywhere, with nearly a quarter of those recently surveyed saying they had been affected by an attack in the past year. Almost a quarter said they couldn’t survive for more than a month if unable to trade following an incident.
The Scottish Government has a scheme in place for SMEs and sole traders to access up to £1,000 to help improve their digital health by obtaining Cyber Essentials certification, which can help protect against many internet-borne attacks.
Mr Clark added: “It’s a must for any firm doing business with public sector organisations. The MoD, NHS and councils are all seeking this status from their contractors, so if you want to bid for public sector contracts then you need accreditation, even if digital services are not core to your business operation.
“Anyone can play lip service to cybersecurity, but what counts is recognised accreditation. With the government-funded voucher scheme, it’s a chance to tap into a funding stream and gain a certificate which will help future-proof your business.
“Applications for this scheme remain open until March, or until the funding pot dries up, so I’d strongly advise businesses to take advantage right away.”
The Scottish Enterprise Voucher Scheme is available on a first come, first served basis and applications close in March 2020. More information is available from Clark IT at www.clark-it.com
Clark Integrated Technologies is an IASME Cyber Essentials accredited certification body. Formed in 1991, Clark IT provides IT support, cybersecurity services and cloud solutions to a wide range of clients across Scotland.