SMEs hit by 10,000 cyber-attacks daily

Small and medium sized businesses (SMEs) are collectively subject to almost 10,000 cyber attacks a day, costing the sector billions of pounds a year.

According to new findings from the Federation of Small Businesses (FSB), 20 per cent of SMEs have been subject to a cyber attack in the two years to January 2019, with more than seven million individual attacks being reported over the same period, equating to 9,741 incidents a day.

The annual cost to SMEs of these phishing, malware, fraudulent payment scams and ransom-ware attacks is estimated to be £4.5 billion, with the cost of an individual attack averaging £1,300.    

Businesses in the North West, South East and West Midlands most likely to suffer from cyber threats.

However, despite the escalating threat of cyber attacks, 35 per cent of businesses say they have not installed security software over the past two years, 40 per cent do not regularly update software, and a similar proportion do not back up data and IT systems. What’s more, only 47 per cent of SMEs say they have a strict password policy in place for devices.      

Commenting on the research, FSB Policy & Advocacy Chairman Martin McTague says: “These findings demonstrate the sheer scale of the dangers faced by small firms every day in the digital arena.

“The issue of business crime is overlooked too often – even more so of late in this climate of sustained political uncertainty and inaction. Meaningful steps must be taken to safeguard our small firms, and by extension the wider economy.

“More small firms are waking up to the threat of cybercrime. It’s a threat that’s evolving rapidly, but too many small businesses still lack access to the resources and budgets needed to contain it.   

“The Government should be doing more to tackle this scourge by enhancing the current policing response – including investing more in cyber upskilling for police personnel as part of its wider recruitment push.

“There’s also a discussion to be had about whether tackling cyber threats should be handled entirely by specialists at the regional or national level, rather than local constabularies, building on the work of the National Crime Agency.  

“Banks also have a role to play. They should be building in as much resilience as possible into banking and payments systems, and made liable for the losses of business – not just consumer – customers when they fall victim to cyber-crime. 

“Software providers could also be doing more. Government should be prepared to step-in and require automatic patching and updates to be the default option for all software products.”  

Cyber security is a collective responsibility and it is essential that SMEs take the necessary steps to protect against cyber attacks.

If you have any concerns relating to this matter, we are able to put you in touch with companies within our extensive network of contacts who will be able to assist. It’s part of our commitment to supporting SME businesses by providing holistic business advisory services. 

For further information, please contact Steve Govey or your usual Beavis Morgan Partner.