April 24, 2017
Almost Half of British Businesses are Victims of Cybercrime
The Department for Culture, Media & Sport have just released a Cyber Security Breaches Survey for 2017. It’s an uncomfortable read, citing that 46%, or almost half, of ‘all British businesses have identified at least one cyber security breach or attack in the last twelve months’. The scope of the problem has surpassed epidemic proportions. (In the medical world, an infection rate of 0.03% of 100,000 is considered an epidemic)
It’s easy to see why. Despite the government’s best efforts to educate and motivate businesses, 33% of all UK businesses didn’t invest a penny in cyber security during 2016. There are many reasons why a business might take this path.
Two in ten, for example, believe that they have ‘nothing worth breaching’. This mentality is strongest among ‘micro businesses’ (with fewer than 10 employees and a turnover of less than €2m). One even commented, “we’re not in danger. We don’t have anything of value.” Unfortunately, this isn’t true at all - all SMEs are targets of cybercrime.
Larger firms (with more than 250 employees) are most at risk, with 68% affected. Those breaches also incur the largest cost, at £19,600. Nevertheless, small or micro firms can’t rest easy - the average damage is still £1,380!
Another factor could be that businesses underestimate the impact a breach could have upon operations, profit, and morale. 57% say the breach adversely impacted their organisation.
Just 20% cited permanent loss of files as the most detrimental factor in a breach - businesses were more affected as a result of ‘staff time taken up in the breach’ (34%).
And surveys like this suggest that the ‘officials’ might not be getting the full picture. Only 19% of UK businesses report breaches to police, as many believe that ‘the breach isn’t significant enough’ (58%).
Is the Government doing enough? Despite earmarking £21m of funding to spend on private sector awareness between 2011-2016, only 8% of businesses interviewed were aware of the ‘Cyber Essentials’ scheme. ‘Cyber Essentials’ aims to ‘help organisations protect themselves against common cyber attacks’. However, concerns have also been raised around the adequacy of the advice given. Backup, the only sure-fire way to protect a business from cybercrime-related downtime, is hardly mentioned.
The best thing SMEs can do to mitigate cybersecurity risks is invest in Cyber Security. For those without suitable in-house resource, SMEs should look to partner with an IT Solutions or Managed Service Provider who can offer a high-availability backup and disaster recovery solution.