Cyberattacks cost UK SMEs $10.8bn in 2018

Cyber attackers aren't just focused on bringing down the big guys.
28 August 2019

SMEs are the new hot targets. Source: Shutterstock

New research has revealed that 1.4 million British SMEs suffered from cyberattacks or significant security incident last year.

As reported by Techradar (citing research by cybersecurity insurance provider Gallagher), the average cost per attack sits at US$7,980, racking up an overall cost of about US$10.8 billion in total.

The alarming stat came following a survey on more than a thousand SMEs in the UK. Meanwhile, cyber attacks are becoming a growing threat, with the percentage of companies affected rising from 19 percent in 2017 to 24 percent in 2018. 

Costly incidents

When quizzed further, a number of these businesses said that these attacks cause terminal damage to their day-to-day operations (23 percent), telling Gallagher that they couldn’t survive for more than a month if they weren’t able to do business as a result. 

This tells us that some 57,000 businesses could be at risk of collapsing this year if subject to a cybersecurity breach, according to Gallagher’s research.  

Paul Bassett, managing director of crisis management at Gallagher, commented: “When it comes to crises, cyber and IT security clearly represent a ‘soft underbelly’ of businesses that together account for more than 99 percent of private sector firms. 

“Alongside regularly reviewing their crisis preparedness, response plans and forms of protection, such as insurance, it is critical UK SMEs also assess their ability to survive in the event of a major crisis incident when the risk of serious disruption and protracted recovery process is very real.” Bassett added.

Lack of care?

It’s not just smaller firms in the UK that are vulnerable. As reported by Verizon earlier this year, in the US, close to half (43 percent) of companies that suffer from cyberattacks are SMEs. 

Worryingly, another study by Hiscox noted that just 52 percent of the SMEs surveyed last year said they have a cybersecurity plan in place, despite these attacks now being a legitimate cause of concern for these small players.

Many of these SMEs have so far chosen not to invest in cybersecurity measures because it’s too costly. As noted by Hiscox report, the average cost for cybersecurity infrastructure per year is about US$34,604. 

The large investment can often mean cutting back on other resources, and since these businesses feel like they aren’t always the targets, investing that much for an infrastructure that doesn’t directly contribute to profit can seem like an undue expense. 

Hackers are capitalising on this lack of readiness using a range of means in order to compromise sensitive data– such as customer’s contact details or identifiable information to be used in further scams, or payment information– or even to deploy ransomware which could, whether successful or not, ruin a company without significant resources to cope with it.

Secure now before it’s too late

Cybersecurity breaches are now a common occurrence regardless of business size or sector. While not having suffered the consequences may lull organizations into a false sense of security, there won’t be any warning when it actually happens. Large corporations like Marriott have learned this the hard way. 

Do keep in mind that apart from data and money, brand reputation will also be at stake now that cybersecurity laws are tighter than before. The initial investment may seem huge, but the protection it gives will secure your business greatly in the long run.