‘It won’t happen to us’ – Cybercrime in small businesses

29 Jan

Although customers are getting increasingly concerned about the security of their personal data, many small businesses are still either unconcerned or unprepared when it comes to cyber breaches as they think they are unlikely to suffer an attack. A recent survey showed that only 26% of small businesses in the UK have a formal cyber security policy in place.

Cybercrime is on the rise and can reach any business, large or small. Below, we debunk 3 common cyber myths and explain why it should be front of mind for small businesses.

‘We’re too small a business to be a target’

The truth is, businesses of any size are at risk. A recent study showed that 42% of small businesses in the UK reported a breach or attack in 2018.

Human error is the most common cause of a breach. Anyone can make a mistake, regardless of what size business they work for or what industry. For example, hackers sent a phishing email with some bogus documents attached to an accountancy firm. An employee opened the document, allowing a piece of key logging software to be installed and the hackers to log into the firm’s bank portal and gather crucial data. The firm was left with £164,000 loss of electronic funds and costs of £15,000 in IT forensics.

The ICO reported that 60% of small businesses fail within 6 months of a cyber attack, which goes to show how cybercrime is presenting challenging risks for employers of all size businesses.

‘We don’t have anything that can be stolen’

Many small businesses don’t quite realise the wealth of sensitive data that they have. However, one study found that 98% of UK businesses rely on some form of digital communication or services, such as staff email addresses, websites, online banking, social media accounts and the ability for customers to shop online. The same study found that 55% of small businesses store personal data.

A cyber breach can happen as a result of something as simple as leaving a laptop unattended. A care home suffered a breach when a laptop was taken which had its password on a sticky note stuck to it. Although there was no proof that the data had been stolen, due to the sensitive nature of the information, they quickly used up their cyber limit of £100,000 and more.

‘A cyber attack won’t damage our reputation’

Small businesses are underestimating the true impact that a cyber breach can have on their business. Not only can the attack itself grind your business to a halt, it can also cause your customers to lose trust in your business and discourage them from using you in the future.

A recent survey by OnePoll found that 87% of 2,000 respondents said that they were ‘not at all likely’ or ‘not very likely’ to do business with an organisation that had suffered a data breach involving credit and debit cards.

Even if an attack doesn’t get reported on in the media, it can still negatively damage your brand’s reputation. In a recent report published by the government’s Cyber Streetwise campaign and KPMG, 89% of small businesses that suffered an attack said that they felt that their attacks impacted their reputation and 30% of them reported a loss of clients.

What can you do to protect your business against cybercrime?

There are several preventative measures you can put in place to prevent a breach, such as reviewing your IT security, auditing your IT security with a penetration test, gaining certification, for example cyber essentials and staff training on cyber/data risks. Along with preventative measures you should take positive action and introduce cyber insurance to protect your small business and avoid business interruption, financial and reputational loss.

Get in touch with our small business team on 0800 115566 or email sme@thomas-carroll.co.uk. We will help you find a policy tailored to your business needs and give you peace of mind that your business will be protected in the unfortunate event of a breach.