Despite the volume, variety and severity of cyber threats, many SMEs still don’t see the value of investing in software that can protect them. Here, we examine the current threat landscape, the consequences of a breach for SMEs, why cybersecurity is important and the solutions available to keep your small business safe.
Why is cybersecurity important?
Cybersecurity is often a low priority for small and medium business owners. You have enough to worry about with revenue, staffing, competitors, markets, regulation and outgoings. Often, SME bosses are not even experts in technology, let alone cybersecurity, so choosing and implementing security software is not a project they can easily tackle.
But the threat is real. According to the Cyber Security Breaches Survey (CSBS) from April 2019, published by the Department for Digital, Culture, Media and Sport, 40% of small businesses (10–49 employees) identified a breach or attack in the 12 months leading up to the survey. For medium businesses (50–249 employees), this figure rose to 60%.
According to Verizon’s Data Breach Investigations Report 2019, small businesses accounted for 43% of all breaches worldwide. That may seem counterintuitive – surely criminals would target larger firms where the rewards would be greater – but SMEs represent an attractive target.
Why is that? Because they tend to spend less on protection. According to the CSBS, micro and small businesses had a mean spend of £3,490 on cybersecurity, while medium businesses spent £25,100 on average. That’s in comparison to £277,000 for larger businesses. When attackers are looking for targets, it makes sense to pick the easy prey, and that means small firms with easy-to-penetrate networks and limited means to detect intruders.
What are the consequences of cyberattacks for a small business?
While cyberattacks on your business may be virtual, they can cause real damage. A 2018 study by Hiscox found that a cybersecurity breach costs a small business £25,700 on average. And the CSBS reports that repairing the damage can take from 1.3 days (for the smallest businesses where material damage is limited) to 5 days (for larger businesses that have lost data or other assets).
Just under half of all businesses have been affected in at least one of the ways listed below.
Lost data (and the regulatory consequences)
In a GDPR world, businesses of all sizes have become more careful about how they handle data. But no matter how carefully you prepare, a breach can have disastrous consequences. Fines for improper protection of data or incorrect reporting after data is lost can cost businesses up to 20 million euros – a sum that would bankrupt most small firms.
Loss of business continuity can happen for many reasons. Criminals can block access to your critical files and systems until you pay a ransom, for example. Or they can steal or corrupt data, which means you have to spend time identifying what data has gone missing and following the necessary steps to inform affected parties and regulatory bodies – all time you should be spending looking after your business. The CSBS says that 17% of businesses reporting a breach suffered temporary loss of access to files or networks. And 10% said their website or other online services were taken down or disrupted.
Large companies that suffer outages or lose customer data often end up on the front pages, and apologetic executives are forced to face difficult questions from news reporters as to why paying customers have been let down again.
While it’s unlikely that small and medium businesses will be subject to such public scrutiny, word travels fast in any industry, and customers, suppliers and partners will soon find out. The impact of this loss of trust is hard to calculate, but affected firms may find it harder to make it onto approved supplier lists for important contracts for a long time to come.
What cybersecurity solutions do I need to protect my small business?
There is a wide range of software to protect your workloads from various attack types. Many common IT solutions have security features built in, but paying for additional, specialised security software will bring more capabilities and let you benefit from the wider expertise and threat overview of a dedicated security vendor.
Here are three cybersecurity solutions that SMEs should consider:
Phishing, which accounts for 80% of attacks on businesses, describes the technique where attackers send automated emails pretending to be from a trusted source, such as a bank or internet provider. Their goal is to trick recipients – your employees – into handing over critical data like usernames, passwords or bank-account details. These emails can be very sophisticated and hard to identify, but software exists that filters out phishing attempts and reduces their effectiveness. You can even run fake phishing campaigns to test how your company responds to these types of attack.
If your devices are infected with malicious software (malware), attackers can disable devices completely, steal data, or use your systems to attack others. Anti-malware solutions help identify, block, and remove such software from your company’s devices.
Network security software
It includes solutions that monitor traffic across your network, block certain types of traffic, and compile data that can help you with internal audits or regulatory compliance. Together, anti-phishing, anti-malware and network security software form a multi-layered barrier that will strengthen your small or medium business’s defences.
You can learn more about the vast range of cybersecurity solutions available to small businesses on our website. Each solution is rated by business owners like you and features a detailed description and download link.