Despite the risks, nearly half (49%) of SMEs plan to spend less than £1,000 on cyber security in the next 12 months, leaving them vulnerable to substantial losses
Results from the latest Zurich SME Risk Index have revealed that almost one in six (16%) SMEs have fallen victim to a cyber-attack in the last 12 months, equating to more than 875,000 nationwide*. Businesses in London are the worst affected with almost a quarter (23%) reporting that they have suffered a breach within this period.
Of businesses that were affected, more than a fifth (21%) reported that it cost them over £10,000 and one in ten (11%) said that it cost more than £50,000.
Yet, despite the volume of attacks and potential losses, the survey of over 1,000 UK SMEs showed that business leaders are not committing to investing significantly in cyber security in the coming year. Almost half (49%) of SMEs admitted that they plan to spend £1,000 or less on their cyber defences in the next 12 months, while almost a quarter (22%) don’t even know how much they will spend.
The results show that for businesses of all sizes robustness of cyber security defences is now a genuine concern for winning and maintaining business contracts. A quarter (25%) of medium sized businesses (between 50 and 249 employees), reported that they have been directly asked by a current or prospective customer about what cyber security measures they have in place. This was also true of one in ten (11%) small businesses (less than 50 employees).
As a result, business leaders are reporting that strong cyber security is providing an opportunity to stand out from competitors with as many as one in 20 (5%) claiming to have gained an advantage over a competitor because of stronger cyber security credentials.
Paul Tombs, Head of SME Proposition at Zurich, comments:
“While recent cyber-attacks have highlighted the importance of cyber security for some of the world’s biggest companies, it’s important to remember that small and medium sized businesses need to protect themselves too. The results suggest that SMEs are not yet heeding the warnings provided by large attacks on global businesses.