SMEs Unprepared to Recover from an ‘Inevitable’ Cyber-Attack

While the threat of cybercrime is at the forefront of SME owners’ minds, ‘cyber recovery’ is not, according to a new study, The Business of Cyber Recovery, by PolicyBee. Five hundred UK SMEs were asked about their preparedness for cybercrime and its aftermath: one in three believe that a cyber-attack on their business is a matter of ‘when’ not ‘if’, and a quarter believe an attack is ‘likely’.

However:

  • 74% have not put any budget aside to deal with the aftermath.

  • 43% will react if and when a cyber-attack happens and have absolutely no plans in place.

  • Just 14% of all SMEs have a detailed plan which covers all bases and crucially have tested that plan.

Sarah Adams, cyber insurance expert, who commissioned the study for PolicyBee, said: “Large corporates will all have a ‘what if’ plan in place that has been stress tested via a crisis simulation or role play exercise. They will know exactly what to do in the event of a cyber-attack. However, small businesses seem to be chancing their luck and despite expecting to be hacked, aren’t preparing to be prepared.

“The difference between a large and small company is that at least in the short term, no single individual will lose their income in big business – but in a small business, their day to day livelihood could be altered dramatically within a scarily short space of time.”

Businesses in denial

Younger respondents seem more aware of potential cyber risks – as business owners get older they think a cyber-attack is less likely: 22% of 18-34-year-olds think a cyber-attack is unlikely; 41% of 35-54-year-olds and 56% of 55+-year-olds.

Business in the South West and East of England are most in denial of a cyber-attack – those in London and the NE are the most switched on.

Similarly sole traders believe they are least at risk from a cyber-attack: 71% say it is unlikely; 32% of businesses with 10-49 employees and one in five of businesses with 50-249 employees.

Adams continued: “More mature sole traders in the South West and East Anglia seem to be in the most potentially vulnerable group. If you are one of these people, it would be well worth looking at your business’s potential to become the next cyber victim, and how you’d continue to operate afterwards.”

[easy-tweet tweet=”Only 24% of IT businesses say an attack is unlikely ” hashtags=”Security, CyberAttack”]

IT and management consultant firms more switched on to cyber recovery

Interestingly, SMEs operating in the IT and management consultancy sectors had a much more realistic attitude to cyber-attacks:

  • only 24% of IT businesses say an attack is unlikely (48% say likely)

  • 16% of Management Consultants say an attack in unlikely (51% say likely)

According to PolicyBee, who provides cyber insurance and other business insurance to freelancers and small businesses, the study highlights the fact that SMEs are simply too busy running their day-to-day operations.

Adams concluded: “It’s not the usual case that all SME owner-managers are burying their heads in the sand, as the study shows some awareness of the possibility of an attack amongst some groups. It’s more that these busy owner-managers haven’t prioritised any time to deal with the aftermath of an attack. We’re all familiar with the terms cybercrime; cyber-attack; and hackers; but we need to make ‘cyber recovery’ part of the general discussion now too.”

+ posts

Marketing Manager for Compare the Cloud

Unlocking Cloud Secrets and How to Stay Ahead in Tech with James Moore

Newsletter

Related articles

Welcome to More Productive, AI-powered Working Lives

According to content services expert Dr. John Bates, AI...

Cloud Security Challenges in the Modern Era

Organisations already have to store files and data in...

Why I welcome AI software development

Today, I will be taking you on a journey,...

A Practical Guide to the EU AI Act

Disclaimer: This article is opinion-based; please seek legal advice...

Building a Smart City

If you ask me how I picture the future,...