Almost one in five British small and medium sized businesses (SMBs) has been the victim of a cyber-attack in the past year. However, despite this high number, almost 50% have stated that they intend to spend less than £1,000 on defences in the next 12 months.
The latest Zurich SME Risk Index shows that 875,000 of the 5.5 million small businesses in Great Britain (excluding Northern Ireland) were the victim of a cyber security incident in the last 12 months. Companies in London were most commonly affected at 23%.
Despite cyber-attacks becoming more common and increasingly severe only 29% of the companies surveyed said they were planning to spend more than £1,000 on cyber defences in the next year and 22% weren’t sure on how much they would be willing to spend. The attacks cost 21% of the affected businesses more than £10,000, and 11% said that they cost more than £50,000.
Zurich's research shows that cyber defences should be a more pertinent consideration for all businesses, not just the larger companies as they are now a factor in both winning and keeping business contracts.
Increasing numbers of firms are being asked to provide details of their existing protection against cyber-crime. A quarter of companies with 50-249 employees said that they had been asked directly, by either a current or a prospective customer, about their level of cyber security measures. Of those with fewer than 50 employees 11% were asked.
Better cyber defences are also helping smaller businesses beat the competition. Of the 1,000 surveyed, one in 20 firms informed Zurich that they have gained an advantage over a competitor because of the level of their cyber defences.
Paul Tombs, Head of SMB Proposition at Zurich commented: "While recent cyber-attacks have highlighted the importance of cyber security for some of the world's biggest companies, it's important to remember that small and medium sized businesses need to protect themselves too.”
Cyber-security experts, Webroot also conducted research and found that although 90% of companies that their employees were educated on cyber threats, 71% described themselves as ‘not completely ready' to handle an attack.
Tombs added: "The results suggest that SMEs are not yet heeding the warnings provided by large attacks on global businesses."