Small Businesses: Do You Really Need a Cyber Security Strategy?

Cyberattacks can ruin small businesses. In 2022, the average cost of cyber security breaches in the in the United Kingdom was £1,200 across all businesses. Research in early 2021 found that 41% of UK SMEs had suffered cyberattacks over the previous 12-month period, with 20% experiencing multiple attacks. As many as 1.3 million UK SMEs could collapse completely after falling victim to a cyber-attack.

Christopher Ashton, Cyber Insurance Lead at The Insurance Octopus, emphasises why cyber security is vital for a small business owner…

Unfortunately, a large number of SMEs believe they are too small to be a target of cyber-crime and cyber-attacks.

The worst thing any small business owner can do is nothing. The old adage that it’s never going to happen to my business is no longer a fact as figures show.

In the same way that you would have a marketing strategy to keep your business visible, you need a cyber security strategy to keep not only your data, but – and more importantly, your customer’s data safe.

Prevention is better than cure, so putting in place a strategy makes sense in the long run and ensures that the risks are reduced. Even if an SME doesn’t believe their own business could be at risk, many are part of a wider supply chain so, if they leave their data exposed, they are virtually handing cyber-criminals a stepping stone to reach supplier and customer data.

Where does the reluctance to tackle cyber security come from?

For many, the barriers to put in place a security strategy stems from the perception that they need:

a complex security strategy
expensive technology
investment in time which they just don’t have

In reality, cyber-security really doesn’t have to involve any of the above. Simple steps can improve cyber hygiene for any small business owner.

A quick check list to provide basic protection could involve the following:

Regularly update software and operating systems
Use strong passwords and multi-factor authentication
Develop clear policies for staff to follow
Ensure security tools and software are configured properly.

However, knowledge and awareness of what to look out for in a potential cyber threat is one of the greatest protection measures. Knowing what a phishing email looks like and identifying a malicious link can stop a hack in its track. Ensure your people make informed choices with simple to follow company policies and crucially that they understand why you have these policies in place.

For those small businesses keen to demonstrate their cyber security credentials then it’s worth considering subscribing to Cyber Essentials – a UK-government-backed scheme that aims to protect organisations by showing them how to implement basic security controls.

Overall, it would be misleading to say small companies have nothing to fear from hackers. They can do unrecoverable damage and make off with their prizes without leaving the slightest trace. Whilst your level of cyber security can never be 100%, you’re far from defenceless. Take extra care to read up around the issue, the latest hacking techniques and spend where you need to for that extra piece of mind.

One of the most effective measures you can implement is to get a cyber insurance policy that will protect you against these risks and the legal procedures and additional costs that they usually create.