26% of British SMEs hit by ransomware in last 12 months

New research has revealed that  one in four British SMEs surveyed (26%) have been targeted by ransomware within the past year, with almost half (47%) of those falling victim having paid the ransom to regain access to their files or systems. The survey by Avast found that SMEs targeted by ransomware suffered significant ill-effects from cyberattacks: 41% lost data while 34% lost access to devices.

The Russian invasion of Ukraine, and the associated reports of cyber warfare, appear to have acted as catalysts too, creating anxiety among SMBs. In fact, 68% of SMBs surveyed are more concerned* of being targeted and hacked since the invasion began. Worries about cybersecurity generally have led to half of SMBs (50%) investing in cybersecurity insurance, despite costs rising elsewhere.

The research with 1,000 IT decision-makers at small and medium businesses in the UK showcases that British companies view cyberthreats as high risk. Almost half of British SMBs surveyed rank digital security as one of the biggest threats they face (48% compared to 66% for financial risks driven by increased operating costs), and ahead of physical security (35%) and supply chain issues (33%). In some industries such as sales, media and marketing, digital security issues were listed as a bigger risk than increased costs.

SMEs are the bedrock of the UK economy, making up 99.9% of all UK private sector businesses in 2021. However, most SMB leaders (81%) surveyed believe the UK Government should be doing more to support them with digital security and the threat of financial loss, calling out assistance with incident recovery and response (60%) and better and clearer information on cybercrime (58%) specifically.

Despite this though, SMBs are largely well-informed about the risks they face and are taking proactive measures to safeguard their operations. More than two-thirds (69%) of businesses surveyed believe they have enough information to protect themselves against cybercrime despite the perceived lack of government support in this area, with 76% having already taken measures to protect themselves. SMB leaders are also handling the basics of cybersecurity with nearly two-thirds (63%) of those surveyed backing up files at least once a week.

“When it comes to Cyber Safety, we feel a great responsibility to help the most vulnerable groups, not just those who can fend for themselves,” said Lindsey Pyle, Vice President of Strategy at Avast Business. “SMBs are one of these groups. They often have very limited budget and resources, and many don’t have somebody on staff managing security holistically. As a result, not only are they lacking in their defence, but they’re also slower to react to incidents.”

Pyle continues: “The results from this survey highlight the problem, particularly in connection with ransomware which large portions of the small business population are ill-equipped to handle. They often wind-up paying ransoms without any guarantees they’ll get their data back. This is the saddest situation, but the good news is that unlike larger organisations, small businesses can be quick, agile and take advantage of a lack of bureaucracy to plan ahead before a crisis occurs. SMBs need to utilise these strengths to get prepared and to get a plan in place, which at the bare minimum should include implementing online and offline backups, installing an antivirus, setting up network monitoring and ensuring an automated patching regime is established.”

The research was conducted by Censuswide on behalf of Avast with 1,000 IT decision makers from UK SMBs between 14.10.22 to 19.10 22. Censuswide abides by and employ members of the Market Research Society which is based on the ESOMAR principles and are members of The British Polling Council. *Significantly more concerned than before’ and ‘Slightly more concerned than before’ answers combined