Small businesses in the UK are targeted by an estimated 65,000 attempted cyber attacks every day, according to figures published by global insurer Hiscox.
While most attempts fail, the company said a small business in the UK is successfully hacked every 19 seconds; which can incur large costs for basic ‘clear up’ processes on an annual basis.
The estimates are based on tests undertaken by the insurer, which monitored attempted attacks on three ‘honeypot’ computer systems in real-time.
According to the insurer, almost one-third (30%) of small businesses suffered a cyber breach last year, which equates to more than 4,500 successful attacks per day.
Cybersecurity incidents cost the average small business more than £25,000 last year in direct costs. Businesses predominately allocated these funds to pay ransoms and replace hardware. This, however, is only one aspect of the damage inflicted on small businesses.
Indirect costs, such as damages to reputation and customer-losses can have a devastating impact on companies. Similarly, the insurer said, cybersecurity breaches can also have an adverse impact on a business’ ability to attract future customers; largely due to uncertainty surrounding security practices.
James Brady, Head of Cyber at Hiscox UK & Ireland said small businesses are “hot targets” for cyber criminals and while many businesses acknowledge the risks, they often fail to implement adequate security measures.
“We know small businesses in the UK are hot targets for cyber criminals and these figures highlight the alarming extent of this,” he said. “Most small businesses recognise the threat that cyber criminals pose on a global scale, but are less convinced of the risks facing their own operations.”
Brady suggested that many small businesses consider themselves “too small” to be worthy targets, yet the reality is that cyber criminals are increasingly focusing on these areas due to their complacency and vulnerability.
Hiscox said that when questioned, only 52% of small businesses said they have a “clear” cybersecurity strategy in place to manage the impact of an attack. This, according to the insurer, can “significantly hamper” their ability to detect, manage and prevent security breaches.
Given the importance of transparency and disclosure under GDPR legislation, a concerning number of companies said they could confidently disclose details of a cyber attack to the relevant internal and external stakeholders.
Another alarming statistic from the Hiscox research is that the from those that suffered an attack, a majority (66%) admitted to making no changes to their policies or systems to help prevent future breaches. This, researchers suggested, could explain why more than half of those who’ve suffered a breach are the victim of multiple hacks.
Brady said: “Hackers are prolific and sophisticated, which makes staying on top of cybersecurity a challenge for all organisations.
“With many small businesses lacking credible cybersecurity strategies to help manage and prevent such attacks, however, the impact when they do occur can be disproportionality severe.”