From necessary evil to competitive edge: why taking a different view on cyber security could help SMEs set themselves apart

Posted on

Profile image of Dr Dan Prince, Professor of Cyber Security, Lancaster University
Dr Dan Prince, Professor of Cyber Security, Lancaster University

Three years ago, many small and medium-sized business leaders would never have considered that their businesses might fall victim to cybercrime.

But, since the start of the pandemic, the number of cyber attacks aimed at even the smallest of enterprises has shot up, as many companies have shifted their business online.

Now, the owners and leaders of all kinds of SMEs are waking up to the fact that their business could also lie in the sights of cybercriminals and are taking steps to protect their systems from attack.

Even simple and cost-free measures, like ensuring strong passwords or introducing two-factor authentication can turn a business from being easy pickings to just too difficult for online fraudsters to bother with.

But, while it’s positive that small business leaders increasingly understand the threat that such crimes present, it’s the ones that see cyber security as being more than a burden and really embrace it that will reap the benefits, says Lancaster University’s Professor Daniel Prince.

Dan Prince, who is professor of cyber security in the University’s School of Computing and Communications says: “It can be tempting to view introducing cyber security measures as a mandatory task that needs to be ticked off so that you can get on with your core business. Many also take a view that any money spent on preventing a breach is no more than a simple overhead.

“But, let’s look at it another way.

“A company that cares about and protects its customers is one that customers will return to.

“And so, a company that cares for their personal or commercially sensitive information, or protects their systems from attack, is massively more attractive for customers to buy from and do business with.

“Suddenly, cyber security is less of a drag and more a real business benefit”, says Dan Prince who has worked with SMEs in Lancashire and beyond for many years to help them to understand cyber security innovation and what it means to them.

Make a change – then shout about it

This means that the task for business leaders is two-fold. First, they need to adopt not only the right practices but also introduce an overall culture that takes cybersecurity seriously.

Dan Prince continues: “Preventing a breach is about so much more than simply installing the latest software. No amount of technology can compensate if the members of your team don’t take cybersecurity seriously.

“Business owners and leaders should ask themselves whether they are supporting a culture where cyber security is prioritised: is it an open environment where people can speak up and challenge if they know that things aren’t being done the right way?”

With the right culture in place, businesses should leave customers and suppliers in no doubt about their commitment to cyber security by integrating it into their core marketing messages.

Professor Prince explains: “Think about Johnson & Johnson baby products. Their focus on caring and protecting is front and centre in their branding. This is a tactic to reassure consumers that they are a company to trust.

“Similarly, SMEs that have both good cyber security measures in place and a culture that takes the potential of a breach seriously, should market that as an asset. That’s when cyber security will truly shift from being a burden to an asset that offers a return on the time, effort and money invested in it.”

Changing cyberculture and practice: support for SMEs

For SME leaders, implementing both technical and cultural change can seem like an overwhelming addition to an already lengthy to-do list.

So, to help them make real, marketable changes in their businesses’ approach to cybersecurity, Lancaster University Management School (LUMS) and the University’s School of Computing and Communications have joined forces to create the new Cyber Strategy Programme.

The Programme, which is fully funded for SMEs in Lancashire, brings together experts from these two, highly-accredited university departments to help SME leaders understand the risk that cybercrime presents and minimise the threat by confidently implementing changes within their systems and teams.

Leadership and culture sessions will empower delegates to build a culture of cyber-excellence within their organisation and they’ll also benefit from the peer support of other business leaders in the area. Workshops will see participants learn from leading cyber and leadership experts, as well as detectives at Lancashire Constabulary’s cyber crime unit.

The Programme will leave delegates with increased confidence in tackling cyber security issues that can help their businesses to lead and implement change: “By staying ahead of the bad guys – the cyber criminals - you can also get ahead of your competitors,” Professor Prince concludes.

Places are available on the Cyber Strategy Programme, starting 16 November 2022

The Cyber Strategy Programme will run over five months via a mix of in-person and online sessions.

A two-day introductory residential session will be followed by monthly one-day workshops with Lancaster University academics and experts. During the five-month programme, delegates will also implement their learning through a company sprint project.

Places are fully-funded by the European Regional Development Fund (ERDF) for Lancashire businesses that employ between five and 250 people.

Find out more and register your interest in joining the programme online at logos: European Regional Development Fund, Lancaster University and Northern Powerhouse


The opinions expressed by our bloggers and those providing comments are personal, and may not necessarily reflect the opinions of Lancaster University. Responsibility for the accuracy of any of the information contained within blog posts belongs to the blogger.

Back to blog listing