Over 80 per cent of UK small businesses across all sectors suffered a cyber security breach last year, according to the Department for Business, Innovation and Skills (BIS). The average attack caused SMEs between £35,000 and ?65,000 worth of damage.
Here’s a break down of the security breach bill.
Between three to five days worth of business disruption
Cost: £30,000 – £50,000
Having an online presence has become a vital key in customer satisfaction. The risks to businesses, however, are amplified by the increasing connectivity and diversity of technology. For a small business, lost productivity is absolutely crippling. Remember that if your systems are down, then so are customer service levels. To prevent business disruption, implement remote support solutions. This will allow IT support to monitor all aspects of the IT footprint and repair or notify technical teams of potential or real problems.
Responding to the incident
Cost: £2,000 – ?6,000
Direct cash spent responding to incident
Cost: £500 – £1,500
Most organisations will only learn how to respond to computer breaches after suffering attacks. By this time, incidents often become much more costly than needed. Proper incident response should be an integral part of your overall security policy and risk mitigation strategy. Constantly keep your security up to date! Out-of-date firewalls, a lack of virus protection and poor data backup planning will only cost your business more in the long-run. To help guard against these attacks, which can cost an SME six per cent of its turnover, the government also offers “Innovation Vouchers” which will allow SMEs to bid forup to £5,000 from a £500,000 pot to improve their cyber security using external expertise.
Lost business
Cost: £300 – ?600
Cyber attacks affect your customers as well as your business. When your customers are met with blank screens as a result of your business being offline, they won’t wait around for it to be fixed. Most will find the next best company and, as a result, your company could loose millions. If your company regularly communicates with customers via email, or stores customer information in an electronic database, you could also be putting customers at risk if you aren’t taking the right precautions. Make sure to safeguard consumers from wire transfer fraud, account takeover and identity theft. While it’s tempting to keep information for future use, the less you collect and store, the less opportunity there is for something to go wrong only keep what you need.
Lost assets
Cost: £150 – £300
Around three in ten members have been a victim of fraud, typically by a customer, clientor through “card not present” fraud, Federation of Small Businesses (FSB) figures suggest. Cyber criminals can steal revenue online directly from businesses by obtaining access and looting company accounts and monetary reserves. Cyber criminals can also withhold taxes due or make fraudulent claims for benefits by attacking official online channels. Protect yourself by watching your credit score and setting up alerts when your credit changes unexpectedly. If you have a break in, notify your financial institution. Change your passwords frequently without sharing them with anyone.
Damage to reputation
Cost: £1,500 – ?8,000
Arguably a company’s most powerful asset, your brand is a promise to deliver the best service and product you can. In that sense, brand damage is one of the most lethal risks attributed to cyber attacks. No one would be pleased to learn that their favourite company failed to secure their client lists complete with names, addresses and financial information from a hack attack. Most clients would not want to be associated with a brand that puts their financial security at risk. Customers need reassurance that a company is taking proactive measures to combat cybercrime. Your company’s website should have a privacy policy that tells customers what information you collect and how you use it. Let them know that you are up-to-date and that you’re keeping them secure.
