Small and medium-sized businesses are not investing in cyber protection despite spate of attacks
Over a fifth of SMEs hit by a cyber attack said that the breach had cost them more than £10,000 and one in 10 said that it had cost them more than £50,000
Small and medium-sized businesses are not earmarking significant amounts of cash to bolster their cyber-security defences, despite almost one-sixth of all companies suffering an attack within the last year.
According to data compiled by insurance company Zurich, 875,000 SMEs across the UK have been affected by a cyber-attack over the last 12 months, with firms in London worst affected.
Of the companies hit, just over a fifth reported that it cost them more than £10,000 and one in 10 said that it had cost them more than £50,000.
But despite those potential losses, a survey of over 1,000 UK SMEs also showed almost half – or 49 per cent – admitted that they plan to spend £1,000 or less on their cyber defences in the next 12 months, while 22 per cent said that they don’t know how much they will spend.
That’s despite 25 per cent of medium-sized businesses saying that they had been directly asked by a current or prospective customer about what cyber security measures they have in place.
“The results suggest that SMEs are not yet heeding the warnings provided by large attacks on global businesses,” said Paul Tombs, head of SME proposition at Zurich.
“While the rate of attacks on SMEs is troubling, it also shows that there is an opportunity for businesses with the correct safeguards and procedures in place to leverage this as a strength and gain an advantage.”
In April, a study commissioned by cyber security firm CGI and conducted by Oxford Economics found that public companies’ share prices fall by an average of 1.8 per cent on a permanent basis following a severe cyber-breach, where large amounts of sensitive information are lost.
A report by Lloyds of London earlier in Julyargued that a major, global cyber attack – akin to the Wannacry attack that took down the NHS in May – could trigger an average of £41bn of economic losses, a figure on par with a catastrophic natural disaster such as US superstorm Sandy in 2012.
“While recent cyber-attacks have highlighted the importance of cyber security for some of the world’s biggest companies, it’s important to remember that small and medium sized businesses need to protect themselves too,” Mr Tombs said.
The research was conducted by YouGov on behalf of Zurich.