Small businesses face big risks from cybercrime

SMBs at disproportionate risk compared to larger firms

New research has found that small businesses in particular are suffering at the hands of cybercriminals these days.

The report from the Federation of Small Businesses (FSB) estimates that SMBs in the UK are attacked in excess of 7 million times every year, and the cost to the country's economy is around £5.26 billion.

Almost all small businesses take steps to protect themselves from digital threats – 93% of firms according to this research – but still, 66% of SMBs have been a victim of cybercrime when you look back over the past two years.

Those who have been hit have, on average, suffered four incidents costing each business an estimated £3,000 in total, the FSB says.

The FSB further notes that when you take into account an organisation's size, small businesses are disproportionately affected by cybercrime compared to larger firms, and so it argues that SMBs should be given more support in combating attacks.

The biggest danger to businesses comes from phishing, which are the top two most common threats aimed at SMBs: phishing emails represent 49% of threats, and targeted spear phishing is on 37%, considerably ahead of malware attacks which are in third place on 29%.

Plan of action

As for SMB security, the report noted that 80% of small firms use computer security software and 53% said they perform regular updates of their computer systems. However, only 24% of small businesses have a strict password policy, and only 4% have a written plan of action to follow if they are hit by an attack from a cybercriminal.

The FSB said there should be better incentives for SMBs to invest in cyber-defences, and that there should be a "simplification and consolidation" of cybersecurity resources provided by the government online, with the National Cyber Security Centrebecoming a central hub for the latter.

Mike Cherry, National Chairman of the FSB, commented: "The digital economy is vital to small businesses – presenting a huge opportunity to reach new markets and customers – but these benefits are matched by the risk of opportunities for criminals to attack businesses.

"Small firms take their cybersecurity responsibility very seriously but often they are the least able to bear the cost of doing so. Smaller businesses have limited resources, time and expertise to deal with ever-evolving and increasing digital attacks. We're calling on Government, larger businesses, individuals and providers to take part in a joint effort to tackle cybercrime and improve business resilience."