Big companies invest a lot of time and energy in IT security. That’s because they have a lot to protect: customer databases, business leads, valuable intellectual property.

They also have good reason to fear breaches: the Data Protection Act sets out serious penalties for those who fail to protect the personal data that they hold, and those penalties are enacted regularly.

Smaller companies too have assets to protect and responsibilities to live up to. The difference is that a small firm might not be in a position to recover from a security breach.

The Federation of Small Businesses (FSB), set up to represent the interests of the UK’s smaller firms, says that SMEs are not entirely ignorant of basic security needs and that the oft-made assertion that small businesses are unaware of risks is no longer true.

But its research suggests that many companies have less expertise on hand than they really need.