Wednesday 18th October 2017
Home General Business News Region’s SMEs ‘unprepared’ for cyber-attack

Region’s SMEs ‘unprepared’ for cyber-attack

E-mail Print PDF

A quarter of East of England SMEs believe a cyber-attack on their business is a matter of ‘when not if’ but over half of firms have no plans in place to deal with one and only a minority have any budget for it, according to a study, The Business of Cyber Recovery, by Ipswich-based PolicyBee. In a survey of 500 UK SMEs, some 53 per cent said they will react if and when a cyber-attack happens and only 13 per cent have a budget for it. Just three per cent firms in the East have a detailed plan which covers all bases and has been tested.

Sarah Adams, cyber insurance expert at PolicyBee,  said: “The difference between a large and small company is that at least in the short term, no single individual will lose their income in a big business - but in a small business, their day to day livelihood could be altered dramatically within a scarily short space of time. With the East regarded as a particularly successful region for entrepreneurialism, it’s important that businesses take heed and put in place post cyber attack strategies to minimise any business or reputation damage.

“Many of our region’s hospitals were affected quite recently by the WannaCry ransomware virus and so it is perhaps surprising that so few of our businesses believe a cyber-attack is likely and that only a handful have prepared in terms of budget, or a recovery plan. Our small businesses seem to be chancing their luck and despite some expecting to be hacked, aren’t preparing to be prepared.”

Businesses in denial

Younger respondents seem more aware of potential cyber risks - as business owners get older they think a cyber-attack is less likely: 22% of 18-34 year olds think a cyber-attack is unlikely; 41% of 35-54 year olds and 56% of 55+ year olds.

Similarly sole traders believe they are least at risk from a cyber-attack: 71% say it is unlikely; 32% of businesses with 10-49 employees and one in five of businesses with 50-249 employees.

Adams continued: “More mature sole traders seem to be in the most potentially vulnerable group. If you are one of these people, it would be well worth looking at your business’s potential to become the next cyber victim, and how you’d continue to operate afterwards.”

IT and management consultant firms more switched on to cyber recovery

Interestingly, SMEs operating in the IT and management consultancy sectors had a much more realistic attitude to cyber-attacks:

•            only 24% of IT businesses say an attack is unlikely

•             16% of Management Consultants say an attack in unlikely

•             both much lower than other industries

According to PolicyBee, who provides cyber insurance and other business insurance to freelancers and small businesses, the study highlights the fact that SMEs are simply too busy running their day-to-day operations. They are not simply burying their head in the sand - it’s more that these busy owner-managers haven’t prioritised any time to deal with the aftermath of an attack.

Adams concluded: “We’re all familiar with the terms cybercrime; cyber-attack; and hackers; but we need to make ‘cyber recovery’ part of the discussion now too.”

Other resources:

PolicyBee’s tool for SMEs concerned about cyber recovery: https://www.policybee.co.uk/cyber-insurance-risk-assessment

PolicyBee’s series of cyber recovery blog posts: https://www.policybee.co.uk/blog/school-of-risk

Last Updated ( Friday, 28 July 2017 11:25 )