Over half of UK SMEs have experienced some form of cyber-attack in recent months a new report has found.
The research, from a new report from Vodafone – The Business of Cybersecurity – polled over 500 small and medium business owners across the UK and found that more than half had experienced some form of cyber-attack in the previous 12 months. This compares to similar research conducted by Vodafone a year earlier, which found 39% of SMEs had experienced some form of cyber-attack.
About 1-in-5 SMEs said that an average cyber-attack could cost their business up to £4,200, a loss they would be unlikely to bounce back from in the current cost-of-living crisis.
The rise in online attacks comes as ONS (Office for National Statistics) data indicates that more than a third of businesses in the UK now use a hybrid working model. The National Cyber Strategy 2022 has also stated that a growing dependence on digital technologies for remote working and online transactions has “increased exposure to risks”.
Since Vodafone last examined the cybersecurity risks facing SMEs in 2020, the invasion of Ukraine and continuing geopolitical tensions have had an adverse effect on the cybersecurity landscape, prompting the National Cyber Security Centre (NCSC) to warn that: “now is not the time for complacency.”
Despite this, 18% of SMEs polled by Vodafone said their business was not protected with cybersecurity software, while 5% did not know if they had protection and only 28% were aware of the Government’s Cyber Essentials scheme. The findings echo previous findings from Vodafone. 2022’s SMEs Like Me report revealed that only 8% of SME business leaders saw cybersecurity as a priority.
To ensure that more SMEs are protected from online attacks, Vodafone is calling on the Government to do more to raise awareness of current initiatives to support the delivery of local cyber security skills. This should include providing the required funding to run a targeted ‘Cyber Safe’ awareness campaign for SMEs.
Andrew Stevens, Vodafone’s UK Head of Small and Medium Business, said: “Last year we outlined the significant and detrimental impact of a cyber-attack on a small business, to the tune of up to £3,230 per attack. This figure has now subsequently risen to £4,200, which is a consequence from which most SMEs would not recover.
“These findings reflect a lack of adequate skills and information to equip small business owners with sufficient protections, and while we welcome the progress that has been made by Government with the establishment of nine regional Cyber Resilience Centres across England and Wales, it’s clear that more needs to be done to convince SMEs that they need to be investing in cybersecurity to protect their businesses, especially during a cost-of-living crisis where they are most vulnerable.”
Tina McKenzie, Policy Chair of the Federation of Small Businesses (FSB), said: “The digital economy presents a huge opportunity for small firms to reach new markets and customers, but these benefits come with challenges. This report sheds light on how vulnerable small firms become targets of criminals in the cyber space, when they’re often less able to absorb the cost of crime.
“We’re pleased to see a recommendation to raise awareness on cyber resilience among the small business community through relevant Government campaigns included as part of this research.
“We encourage internet service providers to take on more responsibility for cyber security, along with software vendors, hardware developers, the banks and other financial intermediaries – they’re the best placed and have the resources to implement the most effective measures.”