Small businesses are being told over and over that they need to prepare for potential attacks, but for many these warnings fall on deaf ears. It’s not until we take a quick look at the figures from a government-commissioned report, 2015 Information Security Breaches Survey, that the real scope of this problem comes into focus. In 2015, 74 per cent of small businesses experienced a security breach, a significant increase from 60 per cent the year before. This is expected to rise again throughout 2016.
In addition, the associated costs of a security breach are also rising sharply. In 2015, the average ‘starting point’ for breach costs – which includes elements such as business disruption, lost sales, recovery of assets, and fines and compensation – was £75,000 at the smaller end and £311,000 at the higher end, compared to £65,000 and £115,000 in 2014 respectively.
It is not clear how seriously the SME community is taking these threats. While 63 per cent provide ongoing cyber-security training, up from 54 per cent in 2014, there has been a decrease in the number of businesses buying insurance that would protect them in the event of a breach (27 per cent of businesses in 2015 compared to 35 per cent in 2014). On top of this, just seven per cent of SMEs expect to increase their security spending next year, compared to 42 per cent in 2014.
Data breaches can take many forms; it is not always the super-villain hacker. Although around 38 per cent of attacks in 2015 came from unauthorised outsiders with malicious software, up from 33 per cent in 2014, surprisingly 31 per cent of breaches were staff-related, up from 22 per cent a year ago – this includes inadvertent human error. This really brings it home that anyone, and everyone, is at risk.