By Stacey Hill, below, Director of Sky Small Business Group, Sky Business
Stacey Hill emphasises the urgency for SMEs to bridge the cybersecurity knowledge gap and adopt robust measures to defend against cyber threats.
Not a week goes by without a cyber attack making headlines in the UK. Data breaches in large organisations like banks, hospitals or retailers might dominate the tabloids, but SMEs are equally attractive targets to cybercriminals. And with around 2000 companies filing for insolvency every month in the UK, any factor which threatens revenue must be taken seriously.
Despite the clear and present danger, a worrying trend has emerged; businesses that have not yet experienced a cyber-attack are snoozing on cybersecurity. They are also significantly miscalculating the potential costs involved – particularly established businesses which have been around for 20 years or more. In fact, recent Sky Business research has found that SMEs underestimate the impact of a cyber-attack by nearly £85k.
The Dangerous Miscalculation
The cybersecurity landscape is becoming increasingly perilous for SMEs as ransomware sophistication will likely increase in line with the ubiquity of AI. However, many SMEs mistakenly believe their size renders them less attractive to cybercriminals. Unfortunately, the opposite is often true. Hackers can see smaller businesses as low-hanging fruit (compared to large corporations) due to their typically weaker security measures.
At Sky Business we recently surveyed 350 SME decision makers about their experience of cyber-attacks and found a significant disparity in the perceived versus actual cost of falling victim. According to the data, UK SME business decision-makers estimate they’d be forced to stop trading for an average of four days following a cyber-attack. And of the businesses surveyed that had experienced a breach in the past, the economic loss of being offline for this time was estimated at £123,984. For SMEs that have not been victims of a cyber-attack, they calculated the loss to be £39,633 – more than a substantial 68% lower.
Interestingly, 25% of businesses trading for 20+ years believed a cyber-attack wouldn’t shut them down for any amount of time, compared to just 11% of those 1-20 years old. This underestimation of risk could be catastrophic, particularly when considering the fragile cash flow many SMEs – even those operating for decades – operate under.
The Paradigm Shift Needed for SMEs
To combat this growing threat, SMEs must undergo a fundamental shift in how they prioritise and address cybersecurity. This means moving away from reactive measures and towards a proactive, informed approach. Here are some practical steps SMEs can take to bolster their cybersecurity defences:
- Avoid Unsecured Public Wi-Fi Connections
Public Wi-Fi networks are notoriously insecure, making them a hotbed for cyber-attacks. Employees should be educated about the dangers of using these networks for business purposes. Where possible, secure connections such as Virtual Private Networks (VPNs) should be employed to ensure safe data transmission. - Invest in Cybersecurity Training for Employees
Human error is one of the leading causes of security breaches. Regular training can equip employees with the knowledge to recognise and respond to potential threats. This training should cover the basics of cybersecurity, such as identifying phishing emails, using strong passwords, and securing personal devices. Faux phishing emails are a great way to get your team really thinking about the content of their inbox! - Implement Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA)
Adding an extra layer of security through 2FA or MFA can significantly reduce the risk of unauthorised access. By requiring additional verification steps beyond a password (ideally not your pet’s name), businesses can protect sensitive information even if login credentials are exposed. - Practice Great Cyber Hygiene
Routine practices such as regular software updates, data backups, and the use of anti-virus software can greatly enhance a company’s security credentials. Establishing clear policies for data protection and ensuring adherence can sure up common vulnerabilities. - Get Your Cyber Software to do the Heavy Lifting
There are hundreds of different anti-virus products available, but they are not all made equal. Find one which goes above and beyond the basics, backed by constantly updated, sophisticated databases of threatening sites. Advanced protection doesn’t need to cost the earth and you can rest easy knowing real time shields are blocking the latest malicious activity.
Towards a Resilient Cybersecurity Future
In conclusion, SMEs must wake up to the reality of the cyber threats facing them. The financial and reputational damage from a cyber-attack can be devastating, and underestimating this risk only compounds the problem. By adopting a proactive approach to cybersecurity, SMEs can reduce the risk of shutting up shop for any period and, consequently, protect their revenue.
It’s time for SMEs to stop sleeping at the cyber wheel and take the necessary steps to protect their businesses. The risks are real, and the cost of inaction is far too high.