Cyber attacks cost small business £4.5bn per year

One in five (20 per cent) small firms say a cyber attack has been committed against their business in the two years to January 2019, bringing the total number of individual attacks over this period to seven million, equating to 9,741 incidents a day, the Federation of Small Business (FSB) has said. 

The annual cost of such attacks to the small business community is estimated to be £4.5 billion, with the average cost of an individual attack put at £1,300, the FSB revealed. 

Victims are most frequently subject to phishing attempts, with 530,000 small firms suffering from such an attack over the past two years. Hundreds of thousands of businesses also report incidences of malware (374,000), fraudulent payment requests (301,000) and ransom-ware (260,000). 

Conversely, one in three small firms (35 per cent) said they have not installed security software over the past two years, four in 10 (40 per cent) reported they don't regularly update software, while a similar proportion do not back up data and IT systems. Additionally, fewer than half (47 per cent) have a strict password policy for devices.      

“These findings demonstrate the sheer scale of the dangers faced by small firms every day in the digital arena," said FSB policy and advocacy chairman Martin McTague.

“The issue of business crime is overlooked too often – even more so of late in this climate of sustained political uncertainty and inaction. Meaningful steps must be taken to safeguard our small firms, and by extension the wider economy."

Mr McTague believes that while more small firms are waking up to the threat of cybercrime, many small businesses still lack access to the resources and budgets needed to contain it.   

He invited the government to do more to tackle "this scourge" by enhancing the current policing response – including investing more in cyber upskilling for police personnel as part of its wider recruitment push.

“Banks also have a role to play. They should be building in as much resilience as possible into banking and payments systems, and made liable for the losses of business – not just consumer – customers when they fall victim to cybercrime. 

“Software providers could also be doing more. Government should be prepared to step in and require automatic patching and updates to be the default option for all software products," concluded Mr McTague.