Cyber attacks can cost thousands of pounds in repairs and loss of business, and a new report indicates that small businesses may be more at risk.
Despite this, 30 per cent of small businesses don't have any cyber security strategies in place, and only 23 per cent have a policy for controlling access to systems that are limited to certain employees, according to the report by Business in the Community (BITC).
The report, ‘Would you be ready for a cyber attack?’, also highlights two further pieces of research.
According to the Cyber Security Breaches Survey 2018, the average cost of a cyber breach to a micro or small business is £894, while a report from Barclays found that “frauds against small and medium-sized enterprises (SMEs) cost £35,000 on average”.
Whichever figure you go by, it’s clear that a cyber attack can lead to significant financial difficulties for small businesses.
It may at first seem promising that complying with GDPR was the main driver for small and medium-sized businesses who have implemented cyber security measures in the past 12 months (44 per cent).
However, GDPR was implemented in May 2018 and according to the BITC report:
For the self-employed, freelancers and contractors, perhaps the most useful part of the report can be found towards the end, where BITC lists seven cyber security recommendations for small businesses.
We take a look at them in turn to see what small businesses should do to live up to their cyber responsibilities.
The following five steps are the minimum action the NCSC recommends small businesses take:
In the last 12 months, 40 per cent of small businesses haven’t taken any cyber security action, whether that’s policies, insurance, staff training, or other measures. And more than three quarters (77 per cent) have no policy for controlling access to their data systems.
Small, medium or large – all businesses have data that they’d be lost without. In the report, small business owners are advised to back up their business-critical data as often as possible.
Automatic updates are noted as being the preferred way of doing this, and it’s always worth saving your data in more than one location, whether that’s cloud storage or an external drive.
10 per cent of small businesses never back up essential data.
Stop opportunistic hackers from taking advantage of your security weaknesses and bugs in older versions of the software you use for your business, by updating your software as soon as a new update's released. This includes your:
68 per cent of small and medium-sized businesses automatically update their antivirus software when a new update is released. For malware, 65 per cent apply automatic updates, and for firewalls that figure is 61 per cent.
The report recommends developing a security policy that includes cyber security. If you have employees currently, or you think you might hire them in the future, you should be mindful to share the policy with all of them, ensuring your people are kept up to speed.
Only 35 per cent of small and medium-sized businesses have a basic data protection policy, and only 29 per cent have a policy for controlling access to systems.
If you employ people, you’ll want to make sure they’re working safely online. This includes ensuring they know what to look out for – and the steps to take – to stop your business from falling prey to a cyber attack. And make sure the training you provide suits the person and role being trained.
34 per cent of small businesses think it’s unnecessary, and 28 per cent say they have no particular reason, to provide cyber security training for employees.
Make sure your business is as secure as it can be by staying up to date with what’s happening in the cyber security world. BITC recommends following the NCSC’s Twitter feed for all the latest on the current threats out there.
Cyber insurance can’t replace good cyber security practice – but if you do experience an attack, it can give you peace of mind that there’ll be a limit to the disruption you’ll experience due to things like data loss or having to replace your equipment.
You can read more about this type of cover in our article: What is cyber insurance? A guide for small businesses and the self-employed.
Here's a quick overview of the key takeaway points from the BITC's report:
The evidence in the report shows that small businesses don’t invest as much time or money into their cyber security as medium-sized businesses.
And small and medium-sized businesses tend to have fewer resources in place to deal with cyber attacks than the big corporates. But it’s clear that cyber security isn’t something any size of business can afford to leave on the back burner.
Equally, there seems to be a link between the type of business you operate and the likelihood of you having adequate cyber security measures in place.
For example, only eight per cent of small and medium-sized businesses in the legal, and IT and telecoms sectors have no measures in place.
The worst performing sectors were:
And 34 per cent of businesses in the transportation and distribution sector didn’t know what cyber security measures they had in place.
Compared to other locations in the report, Wales admits to having fewer cyber security measures in place and being less likely to update antivirus, antimalware and firewall software.
Wales also trails behind in the rankings for businesses with no cyber security measures in place:
Best two regions:
Worst two regions:
Let us know which cyber security measures your business has in place, in the comments below.
6th Floor99 Gresham StreetLondonEC2V 7NG
Sol House29 St Katherine's StreetNorthamptonNN1 2QZ
© Copyright 2020 Simply Business. All Rights Reserved. Simply Business is a trading name of Xbridge Limited which is authorised and regulated by the Financial Conduct Authority (Financial Services Registration No: 313348). Xbridge Limited (No: 3967717) has its registered office at 6th Floor, 99 Gresham Street, London, EC2V 7NG.