Only 9 per cent of UK SMEs have insurance in place to protect from a cyber threat despite the fact that more than one quarter (28 per cent) said they would go bust if faced with an unexpected £50,000 bill, according to commercial insurer RSA. Yet the average cost of an attack is higher than this at between £65,000 and £115,000.
This risky attitude towards cyber threat comes despite the danger it poses to small businesses, with a significant majority having been subject to an attack, as well as a series of high-profile cyber-attacks on large companies in 2016.
SMEs are increasingly becoming a target for cyber criminals because they are less likely to have adequate cyber security measures in place. Yet three quarters (74 per cent) of SMEs questioned do not believe that their business needs this cover, or do not understand how it would protect their business.
Common attacks on SMEs include data breaches where confidential files are put at risk; the use of ransomware by fraudsters who try to extort cash from businesses by blocking access to their systems; and hack attacks in which hackers gain access to a company network in order to get hold of sensitive information including customer bank details.
High profile attacks aren’t motivating SMEs
Despite an onset of high-profile cyber threats recently, including Yahoo, Tesco Bank, Talk Talk and Camelot, businesses are not protecting themselves sufficiently. RSA research indicates that many businesses are more likely to take out cover when the threat becomes real to them. When questioned, over half (53 per cent) of those with some form of cover have experienced an attack or know of someone who has had an attack.
Age is a determining factor when considering the need for cyber cover. The figures reveal that while 37 per cent of 18 to 34-year-old business owners surveyed have considered cyber cover, only 9 per cent of those over 55 have done the same.
The type of business also has an influence on whether SMEs would take out cyber insurance. Just 17 per cent of professional or legal services SMEs have considered taking out this insurance, and ironically just 30 per cent of those in IT or computing.
Top five cyber-attacks of 2016
Tesco Bank had £2.5 million siphoned out of 9,000 accounts.
Three Mobile was hacked, with six million customers’ private information put at risk.
NHS IT system attack shut three hospitals.
26,500 Camelot player accounts accessed.
Yahoo admit to one billion user accounts being comprised in 2013 making it the largest breach in history.
Five top tips to protect your business from a cyber attack
Install robust anti-malware software. Many cyber-attacks can go unnoticed. The longer this goes on for the more expensive the attack can be. A good software program will block or warn you of any suspicious behaviour. Remember to keep it up to date when installed. The FCA recently fell victim to this crime with its email system being spoofed.
Raise awareness. Ensure your employees understand the risks posed by cyber threat. Inform them about phishing emails, changing passwords often and being vigilant when out of the office with work material and devices.
Proper disposal. It seems simple, but disposing of paper material properly is crucial to protection. Make sure documents are shredded when thrown away.
Phone calls. Avoid disclosing sensitive information over the phone. Employees should put down the phone to any caller if they have doubts.
Insurance. Consider cyber insurance to ensure your business is protected if hackers do hit. Attacks can be costly and cause wide disruption to a business, not to mention potential long-term reputation damage. Insurance measures can cover losses and repairs.
Russell White, schemes and deals director, regions and SME, commercial risk solutions at RSA, says, that cyber threat is constantly in the headlines and SME owners would be forgiven for thinking it only happens to big business.
White adds, ‘Just 26 per cent of the SMEs we questioned said they were concerned about a cyber-attack on their IT systems, infrastructure or devices. However, SMEs are perceived by criminals as a soft target, since they are less likely to have stringent security measures in place.
‘Cyber-crime can cause a significant financial loss, reputation damage and has legal consequences. For an SME this could mean the difference between staying afloat and going under. This is why it is crucial for SMEs to protect themselves with adequate cover should the worst happen. We urge SME owners and decision-makers to talk to their brokers, for free, about the protection they need.’