Small businesses across the UK are losing £3.4 billion a year thanks to inadequate cybersecurity measures, according to new research.
Cyber attacks against SMBs have surged in recent years, analysis from Vodafone Business shows, with more than a third experiencing a cyber incident last year alone.
Meanwhile, 28% had between one and five attempted attacks, and 6% were targeted up to 10 times.
Phishing is still the most prevalent form of cyber attack, the study found, with 70% of firms experiencing attempts to steal sensitive information through email, SMS, phone, or social media.
Ransomware, meanwhile, is hitting nearly a quarter of businesses, and Distributed Denial of Service (DDoS) attacks are impacting one-in-five.
The study highlighted the huge financial impact on small businesses hit by cyber attacks. A single attack costs a small business an average of £3,398, rising to £5,001 for businesses with 50 or more employees.
Notably, more than one-quarter (28%) of SMBs said a single attack could put them out of business.
"SMEs are the backbone of our economy, yet they are losing a staggering £3.4 billion annually due to inadequate cybersecurity," said Nick Gliddon, CEO of Vodafone Business UK.
"In today’s rapidly evolving digital landscape, cyber threats are becoming more sophisticated, and SMEs are increasingly in the crosshairs of cyber criminals."
SMBs need to shake up cybersecurity practices
Despite the security risks faced by SMBs, Vodafone’s research found a concerning number aren’t taking the measures they should. Nearly one-third have no cybersecurity protections in place at all, and almost four-in-ten invest less than £100 a year in security.
Meanwhile, they're taking bigger risks compared to larger enterprise counterparts, with more than half of small business employees having received no cybersecurity training.
Six-in-ten SMBs allow employees to use their own IT equipment when working from home, and a fifth of remote workers have been targeted by cyber criminals.
Government support needed to bolster SMB security
Vodafone Business said it wants to see more funding for the government's Cyber Local scheme, which is currently limited to certain areas of England and Northern Ireland.
Too many SMBs are also unaware of the Cyber Essentials program, the firm said, suggesting that the scheme should be publicized to small business owners during key activities such as tax submissions, employee data reporting, or new business registrations.
For SMBs with over 50 employees, mandatory compliance could be integrated into existing reporting obligations, it said.
Similarly, incentives to invest in cybersecurity should be improved by establishing a dedicated capital allowance that covers both hardware and software, simplifying access to tax reliefs.
Ibrahim Dogus, co-chair of SME4Labour, said the report highlights the huge task faced by both small businesses and government alike to bolster broader cybersecurity capabilities.
“This report highlights how we need to make sure we protect our growing businesses here in the UK, which in turn will protect the livelihoods of working people," Dogus said.
"We at SME4Labour call on the government – who have already made productive steps on supporting SMEs – to support the recommendations of this report."
MORE FROM ITPRO
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
