More small businesses than ever are facing the threat of losing confidential information through cyber attacks, according to research published by the UK Department for Business, Innovation and Skills. In fact, Symantec’s own research pointed out that targeted attacks hitting small business have increased threefold.
The 2013 Information Security Breaches Survey has shown that 87 per cent of small businesses across all sectors experienced a breach in the last year. This is up more than 10 per cent and cost small businesses up to 6 per cent of their turnover, when they could protect themselves for far less.
This comes as the Technology Strategy Board extends its Innovation Vouchers scheme to allow small and medium enterprises (SMEs) to bid for up to £5,000 from a £500,000 pot to improve their cyber security by bringing in outside expertise.
BIS will also be publishing guidance to help small businesses put cyber security higher up the agenda and make it part of their normal business risk management procedures.
“The package of support we are announcing today will help small businesses protect valuable assets like financial information, websites, equipment, software and intellectual property, driving growth and keeping UK businesses ahead in the global race,” said UK Minister for Universities and Science David Willetts.
The survey also showed that:
- Large organisations are also still at high risk with 93 per cent reporting breaches in the past year
- The average cost of the worst security breach for small organisations was £35,000 to £65,000 and for large organisations was between £450,000 and £850,000. The vast majority of these were through cyber attack by an unauthorised outsider
- The median number of breaches suffered was 113 for a large organisation (up from 71 a year ago) and 17 for a small business (up from 11 a year ago), meaning that affected companies experienced roughly 50 per cent more breaches than on average a year ago
- Several individual breaches cost more than £1 million
- 78 per cent of large organisations were attacked by an unauthorised outsider (up from 73 per cent a year ago) and 63 per cent of small businesses (up from 41 per cent a year ago)
- 81 per cent of respondents reported that their senior management place a high or very high priority on security, however many businesses leaders have not been able to translate expenditure in to effective security defences
84 per cent of large businesses report staff-related cyber breaches (the highest figure ever recorded) and 57 per cent of small businesses (up from 48 per cent a year ago)
- 12 per cent of the worst security breaches were partly caused by senior management giving insufficient priority to security.
According to Government Communications Headquarters, it is estimated that 80 per cent or more of currently successful attacks can be prevented by simple best practice. This could be steps as straightforward as ensuring staff do not open suspicious-looking emails or ensuring sensitive data is encrypted.