While cyber attacks on well-known large companies such as British Airways and T-Mobile tend to grab all the headlines, it’s smaller businesses that are much more likely to fall victim. New research suggests as many as 130,000 small and medium-sized enterprises in the UK suffered some form of cyber crime last year.
Almost two-thirds of UK businesses with between 10 and 49 members of staff were targeted by cyber criminals in 2018 according to a survey conducted by internet service provider Beaming and the market research group Opinium. The survey suggests each attack cost the business targeted an average of £65,000.
That would put the cost of cyber crime to small businesses in the UK last year at £13.6bn, around 80 per cent of the total costs registered by all businesses large and small. In other words, while cyber crimes against small businesses rarely attract much attention beyond the business itself and its customers, these attacks account for the lion’s share of malicious activity.
Moreover, the cyber criminals appear to be both expanding their activities and targeting small businesses more frequently. The 63% of small businesses that reported falling victim to cyber crime last year was up from 47% in 2017.
Sonia Blizzard, the managing director of Beaming, warned that while larger companies are also frequently attacked, their defences against cyber crime tend to be more sophisticated. “Everyone is a potential victim and the cost of an attack can be devastating,” she said.
“Larger businesses fall victim at the greatest rate because they have more people and more potential sources of vulnerability. However, they also tend to have multiple layers of protection in place to limit the spread of an attack and are able to recover more quickly after one.”
Small businesses are vulnerable to a range of different types of cyber attack, with criminals now targeting both technical weaknesses in companies’ systems and their employees.
Phishing emails, where criminals attempt to secure personal data and system log-in details in order to commit fraud, were the most common type of attack last year, accounting for 25 per cent of small business cases.
However, ransomware attacks, where criminals demand a payment to release the victim’s computer system from a virus they have installed, often proved to be more expensive. The average such attack cost the victim £21,000 last year.
Efforts to persuade small businesses to protect themselves against cyber crime – including a string of initiatives from the Government – appear to be falling short. Many small businesses complain that the cost of mitigating risk is prohibitive; others assume that their small size will protect them, with criminals more likely to target bigger businesses with deeper pockets.
Research also suggests that cyber criminals are increasingly targeting small businesses as a potential entry point into larger organisations. Where small businesses are part of a larger company’s supply chain, for example, they may represent a point of weakness for cyber criminals to exploit. A breach of this type jeopardises the smaller firm’s relationship with what is often a key client.