Small firms have their "heads in sand" over cyber-crime

Date: 22 October 2019

Data breach on a business laptopAlmost 90% of SMEs are not insured for cyber-crime despite recognising it as the biggest threat to their business, a new study has found.

A survey of more than 500 small business owners across the UK by PolicyBee has found that 86% believe they could be affected by a cyber-attack and 56% said the likely impact would be the cost of cleaning up. However, only 12% said they have insurance in place to cover the bill.

According to PolicyBee, the average cost of a cyber-attack on a small business is £25,000 in damaged assets, financial penalties and business downtime. But the steps taken by SMEs to protect themselves from cyber-crime are often limited. The findings show that 33% of business owners had installed further IT security, 30% had asked a consultant to add more robust measures to back up data and 15% had educated staff on how to avoid scammers online.

"The problem is that people see cyber-crime as an IT issue," said Kerri-Ann Hockley, PolicyBee head of customer service. "They think that because IT have put measures in place, they are safe. But the fact is that even with excellent security measures in place, there can be breaches.

"What's more, although cyber security most often makes it into the headlines because of large breaches at larger companies and corporations, the most frequent threat is actually to small and medium-sized businesses, because they are likely to be less well protected.

"The reality is that the cost of a cyber-attack can shut you down and yet there remains a 'head in the sand' attitude to how big a threat this is," said Hockley. "You need a three-pronged approach to cover yourself: excellent IT protection, well trained staff and the right insurance cover."

According to research by business internet provider Beaming, almost two-thirds of UK companies employing between ten and 49 people - about 130,000 businesses nationwide - fell victim to some form of cyber crime in 2018. Attacks included phishing, ransomware, social engineering, malware, phreaking, a virus, website defrauding and hacking.

"Unfortunately the threat of a cyber-attack is increasing all the time, with hackers finding ever more sophisticated ways to breach corporate defences to gain access to customer names, email addresses, and even bank details," said Hockley. "All it takes is for an unwitting employee to open the wrong email attachment and hackers could instantly have access to a company's data or systems."

Written by Rachel Miller.

Small business news

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.