UK Cyber Security
The financial risk to small businesses of cyber attacks is severe. Reuters

According to VIPRE, a leading provider of security services, the global rise in cyber attacks will continue to be exponential as the number of bad actors increases. The increasingly hostile cyber climate presents severe financial risks to small businesses that face heavy costs for falling prey to attacks. However, despite this, polling suggests the attitudes of small business owners do not reflect the salience of present and future cyber security risks.

The biggest cyber security threats include zero-day attacks, with 2021 accounting for 40 per cent of such attacks in the last decade. Also of concern is the risk posed by Internet of Things (IoT) devices.

The CNBC|SurveyMonkey Small Business Index asked small business owners whether they were concerned that their business would fall prey to a cyber attack over the next year. Just 37 per cent of small business owners responded saying they were. Furthermore, 64 per cent of business owners expressed confidence in the capacity of their organisation to speedily resolve a cyber attack that does occur. The number of small business owners that rated cyber security as the biggest risk facing them was just 4 per cent.

Furthermore, the UK Government's Cyber Breaches Survey for 2023 also indicates that cyber security concerns are not paramount for small businesses, with other pressing issues including the increasing cost of energy, inflation, and broader economic uncertainty consuming the attention of small businesses.

The financial costs to small businesses

Small businesses face severe financial consequences if they fall prey to cyber-attacks. The average turnover of small businesses with 10 or more employees was £2,802,670 in 2022, significantly less than the costs of average data breaches which can hit figures above £4.5 million.

Insights from IBM/Ponemon Institute's Cost of a Data Breach Report 2022 show that the financial costs of cyber attacks to businesses are increasing. A breakdown of the findings is presented by Gallagher, with the global average for total costs of data breaches hiking up to £3.93 million, an increase of £0.099 million.

The cost of the attack is affected by the method used. Phishing and business email compromises present the costliest consequences, with the former costing £4.43 million, and the latter £4.41 million. Also of concern are ransomware breaches because of the length of time it takes to contain them, with the average cyber attack taking 237 days to identify and an additional 89 days to contain.

Furthermore, the costs of data breaches in the UK are relatively high compared to other countries. Britain now ranks fourth globally in terms of average data breach costs, with only the US, the Middle East, and Canada ranking higher. These stats follow an 8.1 per cent increase in the cost of a data breach in the UK.

Disturbingly, one in eight small businesses closes down due to a data breach.

The solution

Ensuring protection against cyber attacks is potentially resource-intensive for small businesses. VIPRE explains how the traditional methods including hiring large IT teams, "level up solutions", and training for existing staff, present financial burdens to small businesses.

They point to the utility of Endpoint Detection and Response (EDR) technology, which in their words can provide the "sophistication of high-performing, cloud-based solutions without the challenges that users may expect". EDR tools identify cyber threats at endpoints, monitor events on different devices, looking for suspicious occurrences.

Crucially, EDR tools work to automate processes of "threat detection, remediation, and response", allowing businesses to work around IT skills gaps they may face. VIPRE claim that EDR can serve as a "cost-effective" alternative to hiring new full-time staff, which presents obvious expenses for small businesses that face difficult economic circumstances in the wider UK and global economy.

Not only are new staff expensive, but they also are not necessarily readily available. Research by ManpowerGroup shows that technical skills in IT and data are most in demand among employers. Moreover, VIPRE argues that possessing an up-to-date EDR tool is "a must-have" for businesses, particularly SMEs, who should be concerned about cyber security.