SMALL businesses in Scotland are “confused, bewildered and overwhelmed” by the array of advice being offered to help them tackle cybercrime, and more than half have turned to Google, which has left them even more confused, according to a new report.

The Glasgow University study showed small firms were aware of the rising threat of cybercrime, but were still failing to address it effectively.

Their confusion was compounded when they turned to Google, which typically returned 12 million results.

The research said confusion surrounding cybercrime advice left firms choosing to take only the most minor “common knowledge” preventative measures, such as anti-virus software and firewalls, which left them unwittingly vulnerable.

It also showed that SMEs still did not regard the data they hold, whether their own or that of customers, as having value.

The study is the first of its kind to assess why Scotland’s SMEs are not doing more to protect themselves, despite almost daily reports of companies being hacked, having personal data stolen or experiencing a loss of business.

It was commissioned by the Scottish Government and the Scottish Business Resilience Centre (SBRC) and funded by a Royal Academy of Engineering Industrial Secondment Grant.

SBRC director Mandy Haeburn-Little said the results provided crucial guidance on how small businesses, government and other agencies all need to change their thinking to counter the threat of cybercrime.

She said: “It’s vital we do everything we can to support smaller companies including the many businesses who work from home.

“These findings will help us to do this. They show that SMEs do care and take cybercrime seriously, but they are hitting obstacles on what to do about it.

“However, also particularly concerning is that many small businesses still do not recognise that there is a value attached to the data they hold.

“The fact that there is so much advice online – and also significant levels of conflicting advice – is leaving them confused, bewildered and overwhelmed.

“The survey also shows that the majority of people simply turn to Google for advice despite there being several dedicated websites and portals of guidance available.”

She added: “This all points to the need to establish clarity over recommended actions and a single source for advice and contact.

“This is very much in line with the concept of the creation of a cyber hub for Scotland which would act as one trusted source of advice and cyber security services at affordable cost. SBRC is taking forward the scoping of this concept with more news on this expected in the next six months.”

The SBRC said it was considering how small businesses can be more supported with their specific needs and for other simple measures to be introduced to keep cybercrime front of mind to help to drive behavioural change.

University of Glasgow senior lecturer Dr Karen Renaud, who was seconded to the SBRC and who conducted the survey, found that 95 per cent of businesses carried out security activities that showed they did care about security, but only 15 per cent thought they were at significant risk of being the targeted.

More than half said they consulted Google for cyber advice with less than seven per cent consulting Government websites.