Smaller firms being ‘disproportionately hit’ by cyber-crime
High-profile attacks on large multinationals might grab the headlines but a new report from the Federation of Small Businesses (FSB) claims that smaller firms could be shouldering a higher proportion of the costs of cyber-crime.
Small businesses are collectively targeted around seven million times each year, with an estimated combined cost to the UK economy of £5.26 billion, according to the report. When adjusted to take organisational size into account, this means small businesses are being disproportionately hit.
A large majority of the UK’s 5.4 million small businesses say that the internet is very important to their business and around two in three either already offer online sales and services or plan to do so in the future.
Smaller businesses often rely on the internet but may also be less well equipped to deal with cyber-security issues or to deal with the costs involved when they do fall victim to this type of crime. With attacks becoming ever more sophisticated and the associated costs rising, many businesses could easily find themselves facing insolvency.
Around two thirds of small businesses had fallen victim to cyber-crime in the past two years, with many suffering multiple attacks. The average small business victim of cyber-crime had experienced four attacks in that period, costing nearly £3,000 in total. Some individual incidents cost much more however.
Some of the most common types of attack used to target small businesses include phishing emails (affecting 49% of small businesses), spear phishing emails (37%) and malware attacks (29%). Smaller businesses are also concerned about the prospect of fraud when taking payment from a card that is not present.
The vast majority (93%) of small businesses were taking active steps to protect their firms from online threats. 80% use computer securing software and 53% perform regular updates of their IT systems, but the FSB survey found there was plenty of room for improvement.
Only a quarter of small businesses had a strict password policy in place and only 4% had a written policy for dealing with the aftermath of a cyber-attack.
By Phil Smith