According to new analysis from the Federation of Small Businesses (Cyber Resilience: How to Protect Small Firms in the Digital Economy), small firms in the UK collectively fall victim to cyber crime 7 million times per year, at a cost to the economy of around £5.26 billion.
And even though 93% of small firms have taken steps to protect their business from cyber threats, those measures have proven inadequate: 66% of small businesses have been a victim of cyber crime. These businesses suffer an average of four cyber crimes every two years at a cost of nearly £3,000 – disproportionately more than big businesses when adjusted for organisational size.
Phishing (49%), spear phishing (37%) and malware (29%) attacks are the most frequently reported methods.
FSB’s national chairman Mike Cherry said: “Small firms take their cyber security responsibility very seriously but often they are the least able to bear the cost of doing so. Smaller businesses have limited resources, time and expertise to deal with ever-evolving and increasing digital attacks. We’re calling on Government, larger businesses, individuals and providers to take part in a joint effort to tackle cyber crime and improve business resilience.”
Cyber security controls for small businesses
Analysing the preventive measures taken, FSB found an overwhelming reliance on security software – 80% of respondents had installed it. However:
- only 53% performed regular software updates,
- 41% secured their business’s wireless network,
- 20% trained their staff in good IT security practices,
- 9% undertook regular security testing,
- 5% encrypted communications,
- 4% had a written plan detailing measures to take if attacked, and
- only 2% had obtained a recognised security certification like ISO 27001 or Cyber Essentials.
In fact, “Neither the Cyber Essentials Scheme nor ISO 27001 appear to have been adopted by the small businesses community in any significant scale.”
This only reinforces the findings of a 2015 Cyber Streetwise study, which found that SMEs were “putting a third (32%) of their revenue at risk because they are falling for some of the common misconceptions around cyber security, leaving them vulnerable to losing valuable data and suffering both financial and reputational damage”.
Small firms that want to improve their cyber security should look to the government’s Cyber Essentials scheme as a place to get started. The scheme’s five security controls could help prevent up to 80% of common cyber attacks – and they improve business efficiency by helping companies make the most of their limited resources.
This is by no means an expensive route to cyber security, either – IT Governance’s Cyber Essentials certification packages start at just £300 per organisation.