By Daniel Hunter
More small businesses than ever are facing the threat of losing confidential information through cyber attacks, according to research published by the Department for Business, Innovation and Skills (BIS).
The 2013 Information Security Breaches Survey has shown that 87 per cent of small businesses across all sectors experienced a breach in the last year. This is up more than 10 per cent and cost small businesses up to 6 per cent of their turnover, when they could protect themselves for far less.
This comes as the Technology Strategy Board extends its Innovation Vouchers scheme to allow small and medium enterprises (SMEs) to bid for up to £5,000 from a £500,000 pot to improve their cyber security by bringing in outside expertise. BIS is also publishing guidance to help small businesses put cyber security higher up the agenda and make it part of their normal business risk management procedures.
“Keeping electronic information safe and secure is vital to a business’s bottom line. Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and no sector is immune from attack. But there are simple steps that can be taken to prevent the majority of incidents," Minister for Universities and Science David Willetts said.
“The package of support we are announcing today will help small businesses protect valuable assets like financial information, websites, equipment, software and intellectual property, driving growth and keeping UK businesses ahead in the global race.”
The survey also showed that:
- Large organisations are also still at high risk with 93 per cent reporting breaches in the past year;
- The average cost of the worst security breach for small organisations was £35,000 to £65,000 and for large organisations was between £450,000 and £850,000. The vast majority of these were through cyber attack by an unauthorised outsider;
- The median number of breaches suffered was 113 for a large organisation (up from 71 a year ago) and 17 for a small business (up from 11 a year ago), meaning that affected companies experienced roughly 50 per cent more breaches than on average a year ago;
- Several individual breaches cost more than £1 million;
- 78 per cent of large organisations were attacked by an unauthorised outsider (up from 73 per cent a year ago) and 63 per cent of small businesses (up from 41 per cent a year ago);
- 81 per cent of respondents reported that their senior management place a high or very high priority on security, however many businesses leaders have not been able to translate expenditure in to effective security defences;
- 84 per cent of large businesses report staff-related cyber breaches (the highest figure ever recorded) and 57 per cent of small businesses (up from 48 per cent a year ago);
- 12 per cent of the worst security breaches were partly caused by senior management giving insufficient priority to security.
Andrew Miller, PwC information security director, said: “UK businesses face more advanced threats than ever before from unauthorised outsiders. The business world has changed and companies of all sizes, in all countries and across industries, are now routinely sharing information across business borders, whether it's with business partners or employees’ personal devices. Cyber security is critical. It is no longer only an IT challenge; business leaders need to make sure they are protecting what is most critical to their organisation’s growth and reputation.
“Organisations also need to make sure that the way they are spending their money in the control of cyber threats is effective. Spending on cyber control as a percentage of an organisation’s IT budget is up this year from an average of 8 per cent to 10 per cent, but the number of breaches and their impact is also up as well so it is clear that there is work to be done in measuring the effectiveness of the security spend."
Mike Cherry, National Policy Chairman, Federation of Small Businesses said: “Cyber security is an increasing risk for small and micro businesses and more and more, a barrier to growth. The FSB is very pleased to see the Government announce a package of measures including specific guidance for small firms, helping them take steps towards more effective cyber security. Information security should be part and parcel of good business practice. We need to cut through the jargon to give straightforward and practical advice, to help businesses put in place protections in their business.”
According to Government Communications Headquarters (GCHQ), it is estimated that 80 per cent or more of currently successful attacks can be prevented by simple best practice. This could be steps as straightforward as ensuring staff do not open suspicious-looking emails or ensuring sensitive data is encrypted.
Join us on