If you look at the figures, it’s easy to see why cyber security is at the forefront of almost every small business’ mind. The government’s Cyber Security Breaches Survey 2017, recently found that 45 per cent of small businesses have experienced a breach or attack in the last year.
Whilst the boom in attacks is apparent, for a busy SME with a lot on its plate, prevention is something that can quickly fall to the bottom of a long list of priorities.
But a head in the sand attitude could be disastrous. A cyber attack doesn’t just constitute a loss of private data, there are a string of consequences that follow which can be equally damaging to an SME.
It’s for this reason that prevention is better than cure. Here are the three biggest risks that a cyber attack exposes a business to, but that can also be avoided with preventative actions.
Costs and penalties
Small businesses are just as much a target as larger corporations when it comes to cyber crime. This is partly because they perceive themselves as less susceptible, but also because their activities are becoming more intertwined with the online world.
SMEs generally lack the resources and knowledge to prevent attacks; for example, small companies may not have a dedicated IT department or access to fraud or legal expert, making them particularly vulnerable.
The costs and fines associated with cyber crimes don’t just affect global giants either. In May 2018 the General Data Protection Regulation (GDPR) will become effective and there will be hefty fines of up to four per cent of annual turnover or €20 million, for companies that don’t take data protection seriously.
This should be seen as a warning to all SMEs of their responsibility to store and manage consumer data safely and securely. For those who don’t heed the warning and put prevention methods in place, the penalties could be crippling.
For every SME time is precious, and a cyber attack can quickly result in a loss of it. ICAEW found the worst breaches disrupted operations for small businesses for an average of seven to ten days.
The repercussions can be seriously detrimental if a business has no prevention methods and the time and investment required to reverse these damages can be huge. In the short-medium term this could severely disrupt the everyday running of the business and affect the quality of service on offer to customers.
Research carried out by KPMG and the government’s Cyber Streetwise campaign in 2016 revealed that out of those businesses that had experienced a cyber breach, 93 per cent believed it impacted their business’ ability to operate.
Reputational liability (loss of customer trust and loyalty)
As with any company without cyber security prevention methods in place, SMEs risk exposing their customers’ personal information, losing their trust and destroying their own reputation, in addition to the potential costs and business disruption.
In the same piece of research by KPMG, 89 per cent of the small businesses who had experienced a breach said it impacted their reputation; whilst 31 per cent say it led to brand damage, 30 per cent cite a loss of cliental and 29 per cent their ability to win new business.
Victims of cybercrime are much more likely to develop a negative perception about a company that’s unable to protect itself and its customers. Therefore, a cyber attack doesn’t just have negative effects on the SME that’s fallen victim, but its customers too.
Taking steps towards prevention
The stakes are higher than ever before. Cyber attacks are rising at a rapid rate, and currently show no signs of abating. But proactive, preventative solutions to cyber crime now exist to help businesses. These are often offered through your insurance or bank provider as a complimentary service.
For example, a provider might offer web monitoring across social media and the dark web, sending alerts on suspicious activity to allow you to focus on your core business. Or they might have a call centre team to assist SMEs with guidance on prevention methods.
Making sure preventative measures are in place is key. It shouldn’t be a case of waiting to fall victim before you act. SMEs should feel empowered to protect their business and prevent an attack happening in the first place.
Karen Wheeler is vice president and country manager UK of Affinion