SMEs don't understand their vulnerability to cyber-attacks

Small and medium sized (SMB) companies are at greater risk of financial losses from cyber-attacks due to a lack of understanding about how they are vulnerable and why they might be attacked, and as a result they are complacent about or ignorant of their risk profile.

Research by the government's Cyber Streetwise campaign shows that two thirds (66 percent) of SMEs don't consider their business to be vulnerable, and just 16 percent say that improving their cyber-security is a top priority for 2015.

More than three quarters (78 percent) of small businesses believed at least one of the most common misconceptions about cyber-crime, including the following myths:

  • Only companies that take payments online are at risk of cyber-crime (26 percent). Whereas the reality is that all SMEs are at risk and in addition to payment processing being hacked, a wide range of other data can also be stolen from businesses. The government's Information Security Breaches Survey found that the average cost of the worst security breach is between £65,000 and £115,00 and can result in a business being put out of action for up to ten days..
  • Small companies aren't a target for hackers (22 percent). Again, the truth is that small businesses are a bigger target than ever because they typically hold far more data than the average consumer, but often don't have any additional preventative measures in place to protect themselves. Last year 33 percent of small UK businesses suffered a cyber-attack from someone outside their business. As suppliers, they are also a route in to larger companies.
  • A quarter (24 percent) of small businesses think that cyber-security is too expensive to implement and 22 percent admit that they ‘don't know where to start'.

Cyber Streetwise is providing free advice via www.cyberstreetwise.com, with the top three tips being; always using strong passwords, keep software up to date and delete suspicious emails. Companies can also take advantage of free online training courses for staff, implement Cyber Essentials and follow a simple cyber security guide for small and medium-sized firms.