The UK Government's Cyber Security Breaches Survey 2021 found that 39% of UK businesses had experienced a cyber attack or security breach in the previous 12 months. Of those businesses, 47% were small businesses (defined as having 10-49 employees).
According to the Hiscox Cyber Readiness Report 2021, small businesses in the UK are targeted by cyber attacks on average 2.4 times a year. This is higher than the global average of 1.4 times a year.
The same report found that the average cost of a cyber attack for a small business in the UK was £25,736. This includes the cost of business disruption, lost income, and the cost of repairing or replacing damaged IT systems and data.
Is your business too small to be hit by a cyber attack? No, is the simple answer. The latest research from the Federation of Small Businesses (FSB) shows that small businesses fall victim to almost 10,000 cyber attacks per day. That’s 8.64 per second. And those are only the successful attacks. Many, many more are attempted.
So why are small businesses not protecting themselves against these attacks? Quite simply, they don’t think they are big enough to be a target. While this is completely understandable, the stats prove that cyber security should be a major cause for concern, even for the smallest of businesses. In the 30 seconds it’s taken you to read this introduction, almost 260 cyber attacks have been carried out on SMEs.
Cyber security stats for SMEs
The Cyber Security Breaches Survey is an annual governmental report that evaluates how UK organisations approach cyber security, as well as the impact of breaches that occur.
The findings show that over a third of micro and small businesses have suffered cyber breaches or attacks. Think about the last small business networking event you went to. Over 30% of the people in the room had potentially been hit by a cyber attack.
Yet, despite this, many small businesses are not taking the right steps to protect themselves. The FSB found that over a third of SMEs haven’t installed any form of security software and around 40% fail to carry out regular software updates and back up data and systems. These statistics are consistent with the number of successful attacks, so prove that protection is key.
When participants in the Cyber Security Breaches Survey 2019 were asked why they didn’t have cyber security policies or other measures for risk management, 35% said they were too small, 21% admitted cyber security wasn’t a priority for them, and 19% simply didn’t see it as a risk. Again, the stats demonstrate that these reasons aren’t valid.
The impact of small business cyber breaches
The impact on small businesses can be disproportionately severe. The business is small, and, in all likelihood, won’t be able to bounce back like a larger company. Even if they could cover the direct costs, the indirect costs can be devastating, such as a slowdown in productivity, a dip in team morale and the inevitable damage to reputation. The FSB estimates the costs of cyber attacks on small businesses to be £4.5 billion per year.
Losing thousands of pounds isn’t the worst-case scenario, though. Sadly, a large proportion of SMEs that fall victim to a cyber attack will not survive. While there don’t seem to be UK statistics for this, a US study found that 60% of SMEs go out of business within the six months following a cyber attack.
What’s the first step in protecting your small business?
If this is making for uncomfortable reading, it’s probably because your small business doesn’t have the correct level of cyber security. But it can be daunting knowing how to approach it.
Here at Somerbys IT, we always advise carrying out a cyber security audit as the first step. While you can get one of your own members of staff to do this, ideally an external IT support company should be brought in as that’s the only way to get a solid set of impartial results.
Our Cyber Security Audit service includes a face-to-face meeting with one of our team, who will take you through a list of questions to find out how secure your system is. From this, we will be able to highlight any gaps, get a clear picture of any potential threats, and create a bespoke action list for your company. It may even be possible for us to detect if you’ve already had a breach that may have gone unnoticed.
If this is something you are interested in hearing more about, get in touch with our friendly team today.