The cost of cyber crime to small business

Robust cyber security practices are becoming essential in today’s economy. As we have highlighted many times previously, cyber attacks are now more prevalent than ever, with one small business now being hacked every 19 seconds. As larger organisations look to fortify their security with expensive deep tech solutions, cyber criminals are turning towards smaller businesses who often lack the necessary resources to protect themselves adequately. Attacks are becoming increasingly common in SMEs, and cyber criminals are no longer focused predominantly on large organisations.

A recent UK government survey reports that 39% of businesses that identify breaches or attacks report a financial loss as a result. The costs of cyber crime to smaller businesses can be substantial, with the average cost of a cyber breach to an SME hitting £11,000.

For those organisations that don’t have the reserves to deal adequately with unexpected events, the consequences can be severe. Cyber magazine reports that 60% of small businesses close within 6 months of falling victim to a cyber attack. Furthermore, the collateral damage can also span far beyond financial loss with victims facing reputational and brand damage, legal proceedings and even personal director liability.

Counting the cost

In the event of an attack, costs may result from direct business disruption or because of the need for unanticipated post-breach remediation work. For SMEs, these costs can be crippling, and may have an amplified effect on operations and business viability.

Costs associated with cyber breaches are varied. Short-term costs may include (but are not limited to) the following:

• Lost intellectual property
• Lost, damaged or stolen data and assets
• Lost revenue resulting from inaccessible payment systems
• Disruption to business operations, and associated costs from delayed fulfilment of contracts
• Legal costs due to failing to comply with law

The long-term costs associated with a breach tend to be even higher as a proportion of the overall cost burden. Longer-term costs can include (but are not limited to) the following:

• Compensation to customers
• PR costs
• Use of external consultants and new hires for remediation
• Training costs to upgrade ineffective working practices
• Upgraded software or IT systems
• Handling of customer complaints
• Loss of share value and business funding

The nature of long-term financial impact is harder to quantify, and the full impact may be hard to measure accurately.

A proactive approach is key to making cyber security affordable for small business

Taking proactive measures is the best way to secure your business financially against the host of threats that exist. Ensuring that you have the appropriate basic preventative measures in place, such as firewalls, backups, and secure passwords, is a great place to start. You can check out our 5 step starter guide to get moving in the right direction. Many of these basic provisions are very affordable and can substantially reduce your exposure.

There are also various industry standard frameworks in place to help guide businesses toward optimal protective measures. It’s important to become as familiar with these as possible, as they are designed to assist small businesses that don’t have the luxury of an in-house security team. Third-party tools like the Arx Standard which can be found on the Arx platform will help your company level-up its cybersecurity processes quickly and effectively, in line with these carefully designed industry protocols. With simple self-guided assessment and remediation advice, there’s no need to be overwhelmed, or out of pocket!

As the threat landscape changes and cyber criminals look to target SMEs, dealing effectively with cyber threats is something that no business can afford to ignore, however small. However, it is possible to take effective steps without breaking the bank. The earlier you take action, the less likely you are to be faced with substantial and unexpected costs that pose a risk to your business.