SMEs seriously under-estimate the cost of data breaches
SMEs in the UK are seriously under-estimating the potential costs of a cyber-attack and less than half have a data breach response plan in place, according to a new report.
The third annual data breach preparedness study from Experian found that SMEs estimated the average cost of a data breach to be £179,990. According to government figures the true cost is closer to £310,000, a difference of more than £130,000.
As well as the direct costs associated with rectifying a serious data breach, there may also be other indirect costs to consider, such as brand and reputational damage. Almost two thirds (64%) of consumers say they would be put off from using an SME’s services following a data breach. Despite this, less than a quarter (23%) of small businesses surveyed acknowledged this risk.
Almost three quarters (74%) of UK SMEs had already experienced some form of data breach over the past 12 months. When it came to contingency planning, however, only 45% of respondents said they had a data breach response plan in place.
When asked why they had no such plan, more than half (51%) said they simply did not see it as a priority. Some 40% said they did not think they were at risk and 20% said a lack of available budget was the main barrier to setting up a plan.
Given the large potential costs associated with a serious data breach, failing to set up proper contingency plans could be seen as a false economy, even for SMEs without significant surpluses.
More than three quarters (77%) of SMEs surveyed said they were confident that they would know what to do in the event of a data breach. Even those who had plans in place, however, had not always considered every ramification.
According to the report, 60% of data breach response plans contained no provisions for customer remediation, 48% contained no provisions for insurance and 49% failed to detail a strategy for communications around a potential data breach.
By Phil Smith