Reading a report from the Department for Business Innovation & Skills that small businesses accounted for 99.3% of all private-sector organisations in the UK, and contribute around 60% of all private-sector employment, made me think about what would happen if these companies weren’t protected against cyber crime and how much a cyber attack would cost them.
74% of small companies had a security breach in 2015
So I dug up some data from the 2015 Information Security Breaches Survey to better understand what security incidents cost small organisations – those with fewer than 50 employees, to be clear. Consider that last year 74% of small companies had a security breach, up from 60% in 2014. According to the report, the average total cost of the worst security incidents ranged from £75k and £311k, which included business disruption, time and money spent responding to the incident, lost business, fines and compensation, lost assets and damage to reputation.
Security incidents affect your tangible and intangible assets
The first consequence of many security incidents, be it a malware, DoS or ransomware attack, is business disruption: if your data and entire network are held hostage by ransomware, you can do little or nothing at all. If you don’t pay the ransom or find the decryption key, you lose your data.
You also have to consider the money you will spend fixing the incident and, in case of breach of the law, on fines. A direct consequence of a security breach is lost business, either caused by the business disruption you suffer or the news about your incident spreading among customers, suppliers, etc. The latter is going to have a long-lasting effect on your reputation.
If you had to spend £75k because of a security incident, would your business survive?
Opt for Cyber Essentials certification
If I were the owner of a small organisation, I would consider basic cyber security protections to mitigate the risk of cyber crime – I say ‘mitigate’ because I know cyber crime is pretty much impossible to stop. To help small companies be more secure, the UK Government has designed the Cyber Essentials scheme, because “by focusing on basic cyber hygiene, companies are better protected from low level cyber threats”. According to the scheme, implementing five security controls could prevent around 80% of Internet-based threats, meaning that you can focus on core business objectives to improve your business efficiency.
Download this free guide to see how Cyber Essentials can help you to secure your small company >>
Subscribe to the LinkedIn group UK Cyber Essentials Scheme to receive news and support surrounding the scheme.