A large majority of small businesses have suffered an IT security breach over the past year, according to a survey carried out for the Department for Business, Innovation and Skills (BIS).
The 2013 Information Security Breaches Survey, conducted by PwC in association with Infosecurity Europe, shows that 87% of small firms suffered a breach, compared with 76% in the previous year.
The attacks also became more frequent and costly, with the median number of breaches for small companies rising from 11 to 17, and the cost of the worst incidents coming in at £35,000-£65,000.
Similar trends are reported for large companies. Although the report does not give a precise figure for the overall cost, it says the cost amounts to billions of pounds per annum and roughly tripled over the previous year.
Unauthorised outsiders accounted for the largest number of attacks, with 63% of small firms reporting that this occurred, up from 41%. Other significant breaches came from denial-of-service attacks, hitting 23% of small businesses (up from 15%), outsiders penetrating networks (up from 7%), and theft of intellectual property or confidential data at 9% (up from 4%).
Staff-related incidents were also on the rise, affecting 57% of small businesses, up from 45%.
The report says that information security is being taken seriously by small and large companies, and that budgets are generally being stabilised or increased. But ineffective leadership and communication about security risks often mean that staff do not take the right actions, and there are weaknesses in risk assessment and skills shortages.
"Overall, the survey results show that companies are struggling to keep up with security threats, and so find it hard to take the right actions," the report says. "The right tone from the top is vital - where senior management are briefed frequently on the potential security risks, security defences tend to be stronger."