Only 1/4 of small businesses see cybersecurity as a top priority

Only a quarter (26%) of small business professionals see cybersecurity as a top priority for their organisation, according to new research by Direct Line business insurance, one in six (17%) don’t see this as a priority at all.

The level of knowledge around cybersecurity is also poor, just 16% of small business professionals rate their awareness as “excellent”, while 15% say that it “isn’t good”. This is concerning given that nearly half of respondents (49%) say that their organisation has experienced a cyber-attack. The reasons for these attacks have been diverse, including malware and phishing.

When it comes to why SMEs experienced a cyber-attack, human error accounts for almost half (42%) of all cyber-attacks. This highlights the importance of cyber insurance as cybersecurity software won’t protect small businesses from this specific vulnerability. In addition, almost one in ten (8%) businesses cited out of date patch software as to why they experienced a cyber-attack.

Reasons for cyber-attacks on small businesses, Direct Line business insurance, 2022:

• Reasons for cyber-attack on small business Percentage of small business professionals who said that this was the cause of the cyber-attack
• The security breach occurred via a third party 20%
• Employee plugging in an external device containing malicious software 15%
• Employee clicking on an email or website containing malicious software 14%
• Employee accidentally divulging confidential information 13%
• We didn’t have any cyber security protection 13%
• Weak password protection 10%
• We hadn’t updated our systems with the latest patches for apps, software, and operating systems 8%
  Source: Direct Line Business Insurance

The consequences of these cyber-attacks have been devastating for many businesses. Almost a quarter (24%) have had to deal with costs associated with legal action, 23% have had to deal with the financial implications of data recovery and 22 per cent have had to cope with severe brand reputational issues. Nearly one in five (19%) enterprises lost business as a result. Yet just 24% regard cyber insurance as essential for their business.

Recent research from the Cyber Security Breaches Survey also found that the average cost of a cyber-attack is a staggering £4,200. This is a huge cost for any business, but particularly for SMEs, which highlights even more the need for cover.

On a more positive note, more than half of small business professionals (53%) agree that cybersecurity ought to be taken more seriously.

Within this group, 29% said that this was because of cyber criminals becoming increasingly sophisticated in their scamming attempts. Over a quarter (26%) said it’s because they are storing more customer, employee, supplier and third-party data on their systems and the same proportion stated it was because they had moved to an online business model and were therefore processing more information.

Alison Traboulsi, Product Manager at Direct Line business insurance commented: “Our latest research shows that small businesses continue to face a diverse range of cyber threats. Cyber criminals are clever, and phishing and malware continue to be a key cause of cyber security breaches.

“Criminals will look to catch unsuspecting employees off-guard and lure them in to doing something they shouldn’t, like opening an attachment in a fake email, sharing sensitive information, or inadvertently allowing them to bypass cybersecurity. If this happens and criminals get their hands on sensitive customer data, systems or access to bank accounts, the impact on businesses can be devastating.

“It’s important that employees are trained to identify potential points of vulnerability to help prevent cyber-attacks and that businesses consider taking out cyber insurance to help them deal with the consequences of a breach.

“Direct Line’s Cyber Risks offering provides cover for loss of business income, recovery costs for fixing computer system damage, fines and compensation costs, as well as access to public relations and brand management experts to minimise reputational damage.”