Nearly half (49pc) of SMEs plan to spend less than £1,000 on cyber security in the next 12 months, according to a survey by an insurance company. Results from the latest Zurich SME Risk Index suggest that almost one in six (16pc) SMEs have fallen victim to a cyber-attack in the last 12 months. Businesses in London are the worst affected with almost a quarter (23pc) reporting that they have suffered a breach within this period. Of businesses that were affected, more than a fifth (21pc) reported that it cost them over £10,000 and one in ten (11pc) said that it cost more than £50,000.
Yet, despite the volume of attacks and potential losses, the survey of over 1000 UK SMEs showed that business leaders are not committing to investing much in cyber security in the next year. Almost half (49pc) of SMEs admitted that they plan to spend £1,000 or less on their cyber defences in the next 12 months, while almost a quarter (22pc) don’t even know how much they will spend.
For businesses of all sizes robustness of cyber security defences is now a genuine concern for winning and maintaining business contracts, the insurer suggests. A quarter (25pc) of medium sized businesses (between 50 and 249 employees), reported that they have been directly asked by a current or prospective customer about what cyber security measures they have in place. This was also true of one in ten (11pc) small businesses (less than 50 employees).
Paul Tombs, Head of SME Proposition at Zurich, says: “While recent cyber-attacks have highlighted the importance of cyber security for some of the world’s biggest companies, it’s important to remember that small and medium sized businesses need to protect themselves too. The results suggest that SMEs are not yet heeding the warnings provided by large attacks on global businesses.
“While the rate of attacks on SMEs is troubling, it also shows that there is an opportunity for businesses with the correct safeguards and procedures in place to leverage this as a strength and gain an advantage.”
Comment
Gordon Morrison, Director of Government Relations at McAfee, says: “No matter how big the business, no organisation is too small to be a target for cybercriminals. For many large enterprises, with the IT and security support in house, taking a comprehensive and strategic approach to cybersecurity is often high on the priority list. For SMEs, knowing where to start is often one of the greatest challenges. For others, who don’t have substantial budgets for enterprise security products, there’s a lack of understanding for how valuable just introducing the basics is.
“The government’s Cyber Essentials scheme has helped many UK SMEs make huge strides in their cyber defences. Achieving this basic level of cybersecurity is claimed to prevent up to 80 per cent of cyberattacks, to which organisations would otherwise be vulnerable. The scheme represents a brilliant resource for SMEs who want to take their first steps into better cyber hygiene, and ensure that they’re putting their efforts and budget into the most effective defences.”
