Small firms lost £785m a year due to cybercrime

By Dr Guy Bunker. 

We have referenced before that cybercrime does not only cost a business financially but can also cost a business in terms or reputation and intellectual property. However research from the Federation of Small Businesses (FSB) this week has found that cybercrime is costing its 200,000 members a combined £785m a year – that’s £3750 for every small business without the other repercussions.

This research very much echoes our own, The Enemy Within, which we published recently. With regards to the scale of those affected – 41% had been a victim of cybercrime. It will undoubtedly become an increasing threat for more businesses as criminals realise the value of intellectual property of businesses. Cyber-criminals are not discerning in their approach and we have seen that small businesses are being targeted just as much as larger ones. With this in mind, businesses of all sizes, not just the large corporates should consider how to prevent an incident as well as what do should an incident occur. The FSB also issued some tips to help businesses protect themselves, including:

  • Implement a combination of security solutions (anti-virus, anti-spam, firewall/s)
  • Carry out regular security updates on all software and devices
  • Implement a resilient password policy (a minimum of eight characters and change them regularly)
  • Secure your wireless network
  • Implement clear and concise policies and procedures for email, internet and mobile devices
  • Train staff in good security practices and consider employee background checks
  • Implement and test backup plans, information disposal and disaster recovery procedures
  • Carry out regularly security risk assessments to identify business critical information and systems and protect them appropriately
  • Carry out regular security testing on your business website
  • Check provider credentials and contracts when using cloud services

Whilst these are all very valid points we think it is important for businesses and all employees to be educated and informed of the changing security threats and risks. This is not a one-off, but should be done on a regular basis. Fortunately this is not a case of all or nothing, look at the threats and prioritise the areas which need action first. Develop a multi-year strategy to improve security in your business – and take help, especially where it is free, whenever you can.

The FSB with their proposed a new national advertising campaign to raise awareness, Action Fraud, is a great start. This also contains a police facility for the reporting of internet fraud and an information hub helping people to protect themselves against hackers and cyber- criminals. Overall the responsibility to take action must lie with the businesses, and not rely on the Government, given that repercussions almost undoubtedly affect the businesses and their employees. We live in interesting times, and while it can be hard for small businesses to afford the time to look at cyber-security issues and preventative measures, it has now become a necessity.