Small businesses in the UK are facing nearly 10,000 cyber attacks every day, with one in five of them suffering at least one cyber attack in the past two years, the Federation of Small Businesses (FSB) has revealed.
The business group said in a press release that more than seven million individual cyber attacks targeted small business in the UK took place between January 2017 and January 2019, averaging 9,741 cyber incidents per day.
As a result of the constant cyber attacks carried out by malicious actors, small businesses lost £4.5 billion in total in the said period, with cost per cyber attack averaging at £1,300.
“These findings demonstrate the sheer scale of the dangers faced by small firms every day in the digital arena. The issue of business crime is overlooked too often – even more so of late in this climate of sustained political uncertainty and inaction. Meaningful steps must be taken to safeguard our small firms, and by extension the wider economy,” said Martin McTague, FSB Policy & Advocacy Chairman.
Over 500,000 small businesses targeted using phishing attacks
According to the Federation of Small Businesses, while 530,000 small businesses have suffered phishing attacks in the past two years, 374,000 have experienced malware attacks, 301,000 have received fraudulent payment requests, and 260,000 small businesses have suffered ransomware attacks in the period.
A major reason why many cyber attacks on small businesses are successful is that many of them are not taking adequate steps to detect or to prevent cyber attacks. FSB noted that while 35% of them have not installed security software over the past two years, 40% of them do not regularly update software, and another 40% do not back up data and IT systems. As many as 53% of small businesses also do not enforce strict password policy for devices used by employees.
According to McTague, in order to reduce the exposure of small businesses to sophisticated cyber criminals, the government should require automatic patching and updates for all software products and should make it mandatory for banks to make banking and payment systems more resilient to cyber attacks.
Small businesses feel cyber criminals aren’t interested in targeting them
Not too long ago, a survey carried out by Duo Security in partnership with YouGov revealed that the real reason why small businesses did not invest much in cyber security was that many of them believed that cyber criminals would never target them.
Because of this belief, while 38% of them said they will not invest any money on cyber security, 30% of small businesses said they would allocate less than 3% of their overall budgets on cyber security products and services.
The survey also revealed that while 47% of small business owners considered cyber security as too expensive, they viewed the lack of knowledge on combating cyber threats as a bigger issue compared to money or employee awareness.