Why SMEs need to fight back against cyber crime

Affinion’s Karen Wheeler explains why cyber crime is a threat to SMEs and the steps they can take to start taking security seriously.

Cyber crime has dominated the UK’s headlines in recent months, from the high-profile WannaCry attack on the NHS, to Barclays’ declaration of war on cyber criminals.

Research conducted by Barclays revealed that 2016 saw a total of 5.6 million cases of cyber fraud reported across the UK – a figure accounting for nearly half of all UK crimes. There’s no doubt concerns are both real and growing.

It’s a common assumption made by small business owners that cyber crime is only something that affects larger businesses with higher turnovers and larger volumes of customer data. But although it’s the large, global organisations that are indeed front of mind when it comes to cyber crime, today no one is out of reach or safe from hackers.

By investing in cyber security, an SME can help protect not only its finances, but also consumer data, building a loyal customer base and establishing itself as a trusted partner.

SMEs are a softer target

SMEs are often perceived as softer targets than large companies. In 2015, Symantec found that 75 per cent of SMEs, compared to 35 per cent of large companies, were the victims of spear phishing attacks.

On top of this, the government’s Cyber Security Breaches Survey of 2017 also found that a quarter of all companies experience a breach at least once per month, but despite this only a third have security policies in place.

As SMEs’ activities become more intertwined with the online world, their risk of being attacked by cyber criminals also increases. They often lack the resources and knowledge to defend themselves – for example, small companies may not have a dedicated IT department, making them particularly vulnerable to cyber attacks.

It’s time to fight back

But, a “head in the sand” attitude could be deadly for SMEs. As with any company without a cyber security policy in place, SMEs risk exposing their customers’ personal information and losing both trust and reputation, in addition to the potential costs.

Victims of cyber crime are much more likely to develop negative feelings toward a company that was unable to protect itself and its customers. According to research conducted by Opinium, 71 per cent of those surveyed said they believed these events were damaging to their organisation’s reputation.

Moreover, according to the Small Business Reputation and the Cyber Risk report, 58 per cent of consumers said they would be less likely to use a company’s services if an incident took place, while 89 per cent of victim SMEs reported a 30 per cent loss of clients.

Trust clearly plays a major role throughout the customer engagement journey. Without it, there is less of a chance that a customer will evaluate a company favourably and remain loyal, and this could spell trouble for SMEs.

But action is not only required in order for SMEs to improve customer retention. Soon there will be hefty fines for companies of all sizes that don’t take data protection seriously. On 25th May 2018 the General Data Protection Regulation (GDPR) will become effective and should be seen as a warning to SMEs handling consumer data and not investing in cyber security.

The GDPR will harmonise data protection standards across the EU and for those who don’t heed the warning, penalties could be crippling according to the Payment Card Industry Security Standards Council (PCI SSC).

How can SMEs equip themselves for battle?

There’s a clear understanding that SME awareness needs to increase, and that they need to be more prepared if they’re to triumph over cyber crime.

SMEs have the choice of a number of steps, and any should be considered a smart move. Those who can afford to hire professionals should do so. Security suites can help prevent and alleviate SMEs’ concerns as well as offer solutions if there has been a breach, and there are a variety of different options when it comes to choosing one.

Most entry-level security suites will offer antivirus, firewall, antispam, parental control and phishing protection. Alternatively, a more advanced level of protection might include a backup component and a service in which an administrator monitors and manages the security of an entire company’s computers. This will help manage the fall out and minimise the loss of consumer trust and the impact on the bottom line.

For those who can’t afford the expense, there are a number of resources available. Just recently, the government’s National Cyber Security Centre (NCSC) entered a new partnership with the Crown Commercial Service that aims to establish a new framework for the public sector, in order to help them buy certified cyber security consultancy and devices.

The UK government’s Cyber Essentials website also includes a self-assessment questionnaire in addition to documents that are free to download. SMEs can also apply to get accredited and receive a badge they can display to reassure customers and partners they take cyber security seriously.

SMEs are the backbone of the economy and as cyber crime increases, protecting both their own and their customers’ data against cyber crime is a necessity. As attacks becomes more complex and increase in number, it is important that SMEs fight back to protect their finances and consumer trust. This is a serious issue, which needs serious action.


Karen Wheeler is vice president and country manager for the UK at Affinion.