News story

Cyber security ‘myths’ putting a third of SME revenue at risk

Misunderstanding of the threat posed by cyber crime is leaving SMEs vulnerable to losing information, profit and customers.

This was published under the 2010 to 2015 Conservative and Liberal Democrat coalition government
Cyber Security

Small and medium sized companies are putting a third (32%) of their revenue at risk because they are falling for some of the common misconceptions around cyber security, leaving them vulnerable to losing valuable data and suffering both financial and reputational damage.

Yet new research by the government’s Cyber Streetwise campaign shows that two thirds (66%) of SMEs don’t consider their business to be vulnerable, and just 16% say that improving their cyber security is a top priority for 2015.

Common misconceptions

When asked if they agreed with some of the most common misconceptions around keeping their business secure online, over three quarters (78%) of small businesses believed at least one. These included the following myths:

  • Only companies that take payments online are at risk of cyber crime (26%) – All SMEs are at risk and whilst hacking of payment processing software is an obvious tactic, criminals are highly opportunistic and can benefit from stealing a wide range of data from businesses

  • Small companies aren’t a target for hackers (22%) - Small businesses are in fact a bigger target than ever because they typically hold far more data than the average consumer, but often don’t have any additional preventative measures in place to protect themselves. Last year 33% of small businesses suffered a cyber attack from someone outside their business

Knock-on effects

This apparent lack of understanding around cyber threats is leaving many small firms vulnerable to losing valuable data and then suffering the knock-on effects, including losing customers and a damaged reputation. The government’s Information Security Breaches Survey* also found that the average cost of the worst security breach is between £65,000 and £115,00 and can result in a business being put out of action for up to ten days.

A quarter (24%) of small businesses think that cyber security is too expensive to implement and 22% admit that they ‘don’t know where to start’, which is why Cyber Streetwise is helping business owners by providing free, simple advice from Just three simple steps can take a business from being cyber unwise to cyber streetwise, protecting it from hackers and viruses including malware– always using strong passwords, keeping software up to date and deleting suspicious emails.

Minister for Culture and the Digital Economy, Ed Vaizey said:

Small and medium-sized firms are a key part of our long-term economic plan to back business, create jobs and secure a brighter future for Britain, and many are reaping the rewards from going digital and operating online. However this new research shows businesses can do more to understand and respond to cyber threats.

There are some simple steps firms can take to protect themselves, their cash flow and their data. The government is providing a range of cyber security guidance and support and I encourage all small and medium-sized firms to take these simple steps and fully benefit from our growing digital economy.

Companies can also take advantage of free online training coursesfor staff, Cyber Essentials and a simple cyber security guidefor small and medium-sized firms. Cyber Essentials is a new government-backed and industry supported scheme designed to help businesses protect themselves against the most common cyber threats. Gaining accreditation enables businesses to display the Cyber Essentials badge and demonstrate to their customers they take their cyber security seriously.

James Lyne, Global Head of Security Research at Sophos and supporter of the Cyber Streetwise campaign, said:

SMEs are the UK’s engine of growth, but because cyber criminals know this, they are continuously looking at ways to exploit them.

Small businesses hold a wealth of data but many don’t realise quite how valuable this data is and how severe the consequences could be if it fell into the wrong hands. For example, a business’s intellectual property could be sold to a competitor and even email addresses can be sold to spammers for a profit.

A bit of knowledge goes a long way when it comes to keeping your business safe online.

John Allan, National Chairman of the Federation of Small Businesses (FSB), adds:

Cyber crime is a major business resilience issue. Business owners and managers need to see and understand this threat clearly and take the steps necessary to protect themselves.

We know from our own research that in the future small businesses expect to become much more dependent on web based tools. We also know that, as firms’ reliance on tools like cloud computing increases, they also become more aware of the threats these services can pose. For example, nearly a third of businesses we questioned (61%) were worried about the threat of data theft or loss.

We need to give these businesses the knowledge and tools they require to prevent this from happening, and so help the continued take-up of these productivity-enhancing technologies.

The research showed that businesses in London felt most at risk with 41% saying they considered their company to be vulnerable to an attack; those in Wales felt the safest with just 16% reporting that they felt vulnerable.

Published 25 February 2015