Cyber attacks on SMBs 'cost UK economy £5.36 billion'

A padlock against a golden background to represent cyber security

UK SMBs suffer a cyber attack seven million times a year, with the average hack costing them 3,000, new research has shown.

The Federation of Small Businesses (FSB) found that SMBs are the victim of an average of four cyber attacks every 24 months, with 66 per cent of the 1,006 organisations surveyed having been a victim of cyber crime at some point.

Typically, attacks targeting SMBs take the form of phishing (49 per cent), spear phishing (37 per cent), malware attacks (29 per cent) and "card not present" credit and debit card fraud.

While the average 3,000 cost of cyber attacks over the course of 2014 - 2015 may look relatively small, the aggregate cost of all cyber attacks on SMBs was 5.36 billion over the same period, according to the research.

This, in turn, can have a significant impact on the UK economy, as 99 per cent of companies in the country are small businesses with fewer than 250 employees, but which generate half of the UK's GDP, according to government data.

A total 93 per cent of respondents had some kind of cyber crime defence in place - normally security software and regular backups, but also 'strong' password policies or crisis plans - small businesses naturally have fewer resources, both financial and human, than their larger counterparts.

This can mean any IT professional employed in-house may be too spread too thinly to focus on security, that IT is outsourced to someone who is, once again, a generalist rather than a security specialist, or the "tech support" role may be incorporated into another job, rather than there being a dedicated team member.

Additionally, the lack of financial capital may mean businesses cannot afford to update their systems as frequently or invest in new technologies to help keep them secure, the FSB found.

Consequently, these businesses may not be implementing best practice, effectively through no fault of their own.

While this soft-spot can make SMBs an attractive target for hackers in their own right, they are also a potential portal to an even bigger pot of gold, with criminals or nation states attacking small businesses with the ultimate aim of gaining access to customers' systems further up the supply chain, particularly large enterprises and government entities.

Commenting on the study, Stephen Love, security practice lead for EMEA at IT vendor Insight, said: "The ... study highlights a key issue in the business landscape - the fight against cyber crime needs to be collaborative. When trying to protect itself against malicious attacks on its network, a small business finds itself in a David versus Goliath situation. But work with thousands of other small businesses, enterprises and the government, soon the small business becomes the goliath."

"However, no business should rely on the actions of others," Love added. "It's too easy to let others fight the fight without getting your hands dirty.

"Collaboration is definitely key in the fight against cyber-attacks. However, this means every business needs to be doing everything they can to put the most effective processes and solutions in place to protect themselves, and not wait for someone else to win the battle."

Jane McCallion
Deputy Editor

Jane McCallion is ITPro's Managing Editor, specializing in data centers and enterprise IT infrastructure. Before becoming Managing Editor, she held the role of Deputy Editor and, prior to that, Features Editor, managing a pool of freelance and internal writers, while continuing to specialize in enterprise IT infrastructure, and business strategy.

Prior to joining ITPro, Jane was a freelance business journalist writing as both Jane McCallion and Jane Bordenave for titles such as European CEO, World Finance, and Business Excellence Magazine.