SMEs still failing to take cyber threat seriously

Despite a  growing number of attacks new research has found just 26 per cent of small business professionals see cybersecurity as a top priority for their organization.

The study by Direct Line business insurance discovered one in six (17 per cent) don’t see this as a priority at all, despite a new wave of cyber threats in recent months.

Direct Line said the level of knowledge around cybersecurity is also poor, just 16 per cent of small business professionals rated their awareness as “excellent”, while 15 per cent said that it “isn’t good”.

“This is concerning given that nearly half of respondents (49 per cent) say that their organisation has experienced a cyber-attack,” The insurer added. “The reasons for these attacks have been diverse, including malware and phishing.”

When it comes to why SMEs experienced a cyber-attack, human error accounts for almost half (42 per cent) of all cyber-attacks.  The research said the figure highlights the importance of cyber insurance as cybersecurity software won’t protect small businesses from this specific vulnerability. In addition, almost one in ten (eight per cent) businesses cited out of date patch software as to why they experienced a cyber-attack.

“The consequences of these cyber-attacks have been devastating for many businesses,” the study said. “Almost a quarter (24 per cent) have had to deal with costs associated with legal action, 23 per cent have had to deal with the financial implications of data recovery and 22 per cent have had to cope with severe brand reputational issues. Nearly one in five (19 per cent) enterprises lost business as a result. Yet just 24 per cent regard cyber insurance as essential for their business.”

Recent research from the Cyber Security Breaches Survey also found that the average cost of a cyber-attack is £4,200.

“This is a huge cost for any business, but particularly for SMEs, which highlights even more the need for cover,” Direct Line added.

On a more positive note, more than half of small business professionals (53 per cent) agree that cybersecurity ought to be taken more seriously.

Within this group, 29 per cent said that this was because of cyber criminals becoming increasingly sophisticated in their scamming attempts.  Over a quarter (26 per cent) said it’s because they are storing more customer, employee, supplier and third-party data on their systems and the same proportion stated it was because they had moved to an online business model and were therefore processing more information.

Alison Traboulsi, product manager at Direct Line business insurance commented: “Our latest research shows that small businesses continue to face a diverse range of cyber threats. Cyber criminals are clever, and phishing and malware continue to be a key cause of cyber security breaches. Criminals will look to catch unsuspecting employees off-guard and lure them in to doing something they shouldn’t, like opening an attachment in a fake email, sharing sensitive information, or inadvertently allowing them to bypass cybersecurity. If this happens and criminals get their hands on sensitive customer data, systems or access to bank accounts, the impact on businesses can be devastating.

“It’s important that employees are trained to identify potential points of vulnerability to help prevent cyber-attacks and that businesses consider taking out cyber insurance to help them deal with the consequences of a breach.”

When it comes to why SMEs experienced a cyber-attack, human error accounts for almost half (42 per cent) of all cyber-attacks.  The research said the figure highlights the importance of cyber insurance as cybersecurity software won’t protect small businesses from this specific vulnerability.

SHARE: