Almost one in every four small and medium businesses in London suffered cyber breach incidents in the last twelve months.
Half of all small and medium businesses don’t plan to spend more than £1,000 on cyber security in the next twelve months.
The Zurich SME Risk Index survey of over 1,000 small and medium businesses in the UK has revealed that in the last twelve months, one in every six such businesses was on the receiving end of a cyber breach. In London alone, almost one in every four such businesses (23%) suffered cyber breach incidents in the period, making London the worst affected among all UK cities.
In total, as many as 875,000 small and medium businesses in the UK suffered cyber breaches in the last twelve months. ‘The results suggest that SMEs are not yet heeding the warnings provided by large attacks on global businesses,’ said Paul Tombs, Head of SME Proposition at Zurich.
Cyber breaches have also cost many of the UK’s small and medium businesses dearly. The survey revealed that while 21 percent of SMEs suffered over £10,000 in costs, 11 percent of them said that cyber breaches had resulted in losses of over £50,000.
Despite facing financial losses, small and medium businesses are reluctant to spend more on cyber security. According to Zurich, half of all SMEs it surveyed said that they would not spend more than £1,000 on cyber security over the next twelve months. 22 percent of such businesses also did not have a figure in mind when they were asked about cyber security investments in the next twelve months.
This could be a result of a shortage of funds. In January, a survey conducted by Zurich revealed that small and medium businesses in the UK were planning on borrowing an average of £41,770 in 2017 and that lending to SMEs could soar above £50bn in the calendar year. The overall borrowing level is expected to increase by 22 percent over 2016 levels, which suggests that SMEs would be reluctant to take on additional costs like cyber security.
However, ignoring cyber security and not placing much emphasis on company or customer data could be devastating for small and medium businesses once the GDPR kicks in next year. Among other things, the GDPR will impose fines of up to €20 million or 4 percent of a company’s global turnover, whichever is higher, if the government finds a business guilty of failing to protect sensitive data from cyber attacks.
A YouGov survey of over 2,000 UK businesses in May revealed that as many as 71% of UK businesses are unaware of fines under the GDPR. Of those who are aware, 21% will make small-scale headcount reductions and 10% will cut staff by significant numbers to cover large fines under the GDPR. Only 29% of all businesses have started preparing for the GDPR, which has led experts to fear that a majority of them will not be ready when the new rules come into effect.
“Organisations can no longer see data breaches as an abstract tech or IT problem; boycotts and penalties are serious business risks and should be a board-level business issue. Make no mistake, there will be businesses that will never fully recover from such a fine if they don’t go out of business entirely. We will all know of the EU General Data Protection Regulation then,” said Rashmi Knowles, the field CTO at RSA.