Small firms targeted by cybercriminals

Small firms are bearing a disproportionately large burden of cybercrime, says FSB.

Cybercrime is said to cost £5.26billion a year and a disproportionate amount of that burden is falling on small businesses.

That's a finding of a survey by the Federation of Small Business (FSB). In a report, Cyber Resilience: How to protect small firms in the digital economy, produced by FSB from the survey, it is stated that the vast majority of small firms (93%) are taking steps to protect their businesses from digital threats and that two thirds (66%) have been a victim of cybercrime in the past two years. Over that period, those affected have been victims on four separate occasions on average, costing each business almost £3,000 in total.

Cyber crime costs small businesses disproportionately more than big businesses when adjusted for organisational size. Currently the responsibility largely falls on small businesses to protect themselves. FSB is calling for more support to be given to those smaller firms least able to bear the burden of the increasing global cyber threat.

Almost all (99%) of the UK’s 5.4million small firms these days rate the internet as being 'highly important' to their business, with two in three (66%) offering, or planning to offer, goods and services online. Without intervention, the growing sophistication of cyber attacks could stifle small business growth and in the worst cases, close them down.

Mike Cherry, FSB National Chairman, says: "The digital economy is vital to small businesses, presenting a huge opportunity to reach new markets and customers. But these benefits are matched by the risk of opportunities for criminals to attack businesses.

"Small firms take their cyber security responsibility very seriously but often they are the least able to bear the cost of doing so. Smaller businesses have limited resources, time and expertise to deal with ever-evolving and increasing digital attacks. We’re calling on Government, larger businesses, individuals and providers to take part in a joint effort to tackle cyber crime and improve business resilience.”

The types of cyber crime most commonly affecting small businesses are phishing emails (49%), spear phishing emails (37%), and malware attacks (29%).

Small firms are also concerned about hacking and fraud, with each information breach setting them back 2.2days on average. To combat this, four in five small firms (80%) use computer securing software, and well over half (53%) perform regular updates of their IT systems.

The FSB report also found room for small firms to improve security. Currently just a quarter of smaller businesses (24%) have a strict password policy, 4% have a written plan of what to do if attacked online, and just 2% have a recognised security standard such as ISO27001 or the Government’s Cyber Essentials scheme.

Mike Cherry: "Small firms are understandably focussed on building their businesses and creating the jobs which drive economic growth. The vulnerabilities of the digital world affect everyone and the responsibility for improving resilience should not be left to the group with least resource to do something about it.

"Security is important, but given that an element of risk will always be present when operating online, resilience must also be championed. Without a concerted effort to reduce cyber crime and improve resilience, small businesses could be at real risk."

Mike says the law enforcement response to cyber crime must be improved at the local, regional, national and international levels. There must be more investment by the Government in law enforcement resources to tackle cyber crime effectively.

Businesses should be encouraged to report every crime and they must be reassured that it will be taken seriously, he says.