A third of small businesses see cyber attacks on their systems as an inevitability, but only a small minority have plans and budgets in place for when disaster strikes.
According to research by PolicyBee, one in three SMEs see attacks as a matter of ‘when’, not ‘if’, and 18 per cent say the threat of cyber crime keeps them awake at night.
However, 74 per cent have not put any budget aside to deal with the aftermath and 43 per cent say they have no plan in place and will react when an attack happens.
In fact, only 14 per cent of the small businesses surveyed said they have a plan that covers everything they would need in case of an attack and have properly tested it.
“Large corporates will all have a ‘what if’ plan in place that has been stress tested via a crisis simulation or role play exercise,” said cyber insurance expert Sarah Adams, who commissioned the study. “They will know exactly what to do in the event of a cyber attack.
“However, small businesses seem to be chancing their luck and despite expecting to be hacked, aren’t preparing to be prepared.
“The difference between a large and small company is that at least in the short term, no single individual will lose their income in a big business – but in a small business, their day to day livelihood could be altered dramatically within a scarily short space of time.”
The study found that management consultants were the most switched on to the possibility of a cyber attack, with just 16 per cent saying it was unlikely.
“It’s not the usual case that all SME owner-managers are burying their heads in the sand, as the study shows some awareness of the possibility of an attack amongst some groups,” Adams said. “It’s more that these busy owner-managers haven’t prioritised any time to deal with the aftermath of an attack.
“We’re all familiar with the terms cyber crime, cyber attack and hackers, but we need to make cyber recovery part of the general discussion now too.”