British SMBs are underpreparing for cyber threats

Almost 20 per cent of firms were affected by a cyber attack in the last year, but half plan to spend less than £1,000 on IT security

Almost half of all British SMBs will spend less than £1,000 on cyber security in the next 12 months, despite almost one in five being affected by an attack in the last year.

The Zurich SME Risk Index shows that 875,000 of the 5.5 million SMBs in Great Britain (ex Northern Ireland) were the victim of a cyber security incident in the last 12 months, with those in London the most commonly affected (23 per cent).

21 per cent of the affected businesses said that the attack(s) cost them more than £10,000, and 11 per cent said that they cost more than £50,000.

Despite the severity and regularity of these intrusions, only 29 per cent of surveyed companies plan to spend more than £1,000 on cyber defences over the next 12 months - and 22 per cent do not know how much they will spend.

Zurich's research shows that cyber defences are now a factor in both winning and keeping business contracts, making them a concern for firms of all sizes. A quarter of companies with 50 - 249 employees said that they had been asked directly, by either a current or a prospective customer, about their level of cyber security measures, as have 11 per cent of those with fewer than 50 employees.

One in 20 firms told Zurich that they gave gained an advantage over a competitor because of the level of their cyber defences.

"While recent cyber-attacks have highlighted the importance of cyber security for some of the world's biggest companies, it's important to remember that small and medium sized businesses need to protect themselves too, said Paul Tombs, head of SMB proposition at Zurich. "The results suggest that SMEs are not yet heeding the warnings provided by large attacks on global businesses."

Recent research by Webroot shows that SMBs are more confident on their cyber defences than they have a right to be, with almost 90 per cent saying that their employees were educated on cyber threats, but 71 per cent describing themselves as ‘not completely ready' to handle an attack.