Multiple cyber-crime surveys are undertaken every year to ascertain how many businesses are affected and how it has cost them. I have picked out two that both confirm that small businesses or SMEs are the most vulnerable.
Research from Beaming revealed two thirds of UK companies, employing between 10 and 49 people, fell victim to some form of cyber-crime last year. The average cost of cyber-attacks on small businesses amounted to £65,000 per victim in damaged assets, financial penalties and business downtime. The puts the total bill of cyber-crime across all UK small businesses in 2018 at an estimated £13.6 billion.
This annual survey of business leaders indicates 33% of UK companies fell victim to cyber-crime in 2018. Malicious phishing emails claimed the greatest number of victims (25%) while ransomware attacks were the most financially damaging, costing victims £21,000 each on average.
Meanwhile, ‘The 2018 State of Cybersecurity in Small and Medium Size Businesses’ study revealed 67% of SMEs experienced a cyber-attack - phishing, advanced malware, zero-day and ransomware - and 58% experiencing a data breach.
The report showed small businesses increasingly face the same cyber security risks as larger companies, but only 28% rate their ability to mitigate threats, vulnerabilities and attacks as “highly effective” and 47% of respondents said they had no understanding of how to protect their companies against cyber-attacks.
Small businesses need to take heed of statistics like these. They mean a cyber-attack is almost inevitable so they need to be prepared. They may have invested in a firewall a few years ago and are happy to leave it at that, but this will not be effective enough. Like all hardware, firewalls have a shelf life. Once it is five years or older, it is unlikely it will benefit from updates that keep pace with the threats that are being created on a daily basis.
In addition, business need more than just a firewall. They need advanced protection from intrusion detection systems (IDS), intrusion prevention systems (IPS) and cloud security solutions, as well as content filtering to make sure sensitive information isn’t unwittingly or maliciously leaked.
All these solutions may leave small businesses feeling bewildered if they do not have the luxury of an IT department. Do not neglect the issue though; seek advice from a third party. The statistics speak for themselves.
A cyber-attack is more a question of ‘when’ not ’if’.
If you are worried about your cyber-attack protection, get in touch with me and I will see how we can help you. We can also offer you a free trial to cloud-based security product, Cisco Umbrella, which protects all your devices and your network, while also offering intelligent filtering that can deliver corporate policies for staff web use.