CybersecuritySmall, medium businesses suffer record levels of cyber attacks

Published 9 May 2013

More small businesses than ever are facing the threat of losing confidential information through cyberattacks, according to research published today by the Department for Business, Innovation and Skills (BIS).

The 2013 Information Security Breaches Survey has shown that 87 percent of small businesses across all sectors of the U.K. economy experienced a breach in the last year. This is up more than 10 percent and cost small businesses up to 6 percent of their turnover, when they could protect themselves for far less.

More small businesses than ever are facing the threat of losing confidential information through cyberattacks, according to research published today by the Department for Business, Innovation and Skills (BIS).

The 2013 Information Security Breaches Survey has shown that 87 percent of small businesses across all sectors of the U.K. economy experienced a breach in the last year. This is up more than 10 percent and cost small businesses up to 6 percent of their turnover, when they could protect themselves for far less.

A BIS release reports that this comes as the Technology Strategy Board extends its Innovation Vouchers scheme to allow small and medium enterprises (SMEs) to bid for up to £5,000 from a £500,000 pot to improve their cybersecurity by bringing in outside expertise. BIS is also publishing guidance to help small businesses put cyber security higher up the agenda and make it part of their normal business risk management procedures.

Minister for Universities and Science David Willetts said:

“Keeping electronic information safe and secure is vital to a business’s bottom line. Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack. But there are simple steps that can be taken to prevent the majority of incidents.

“The package of support we are announcing today will help small businesses protect valuable assets like financial information, websites, equipment, software and intellectual property, driving growth and keeping U.K. businesses ahead in the global race.”

The survey also showed that:

  • Large organizations are also still at high risk with 93 per cent reporting breaches in the past year
  • The average cost of the worst security breach for small organizations was £35,000 to £65,000 and for large organizations was between £450,000 and £850,000. The vast majority of these were through cyber attack by an unauthorized outsider
  • The median number of breaches suffered was 113 for a large organization (up from seventy-one a year ago) and seventeen for a small business (up from eleven a year ago), meaning that affected companies experienced roughly 50 percent more breaches than on average a year ago
  • Several individual breaches cost more than £1 million
  • 78 per cent of large organizations were attacked by an unauthorized outsider (up from 73 percent a year ago) and 63 per cent of small businesses (up from 41 percent a year ago)
  • 81 percent of respondents reported that their senior management place a high or very high priority on security, however many businesses leaders have not been able to translate expenditure in to effective security defenses
  • 84 percent of large businesses report staff-related cyber breaches (the highest figure ever recorded) and 57 percent of small businesses (up from 48 percent a year ago)
  • 12 per cent of the worst security breaches were partly caused by senior management giving insufficient priority to security.

Andrew Miller, PwC information security director, said:

U.K. businesses face more advanced threats than ever before from unauthorized outsiders. The business world has changed and companies of all sizes, in all countries and across industries, are now routinely sharing information across business borders, whether it’s with business partners or employees’ personal devices. Cyber security is critical. It is no longer only an IT challenge; business leaders need to make sure they are protecting what is most critical to their organization’s growth and reputation.

“Organizations also need to make sure that the way they are spending their money in the control of cyber threats is effective. Spending on cyber control as a percentage of an organization’s IT budget is up this year from an average of 8 percent to 10 percent, but the number of breaches and their impact is also up as well so it is clear that there is work to be done in measuring the effectiveness of the security spend.”

Mike Cherry, National Policy Chairman, Federation of Small Businesses said:

“Cyber security is an increasing risk for small and micro businesses and more and more, a barrier to growth. The FSB is very pleased to see the government announce a package of measures including specific guidance for small firms, helping them take steps towards more effective cyber security. Information security should be part and parcel of good business practice. We need to cut through the jargon to give straightforward and practical advice, to help businesses put in place protections in their business.”

According to Government Communications Headquarters (GCHQ), it is estimated that 80 percent or more of currently successful attacks can be prevented by simple best practice. This could be steps as straightforward as ensuring staff do not open suspicious-looking emails or ensuring sensitive data is encrypted.