Over half of UK SMEs (54%) have experienced some form of cyber-attack in the last year a new report by Vodafone Business has found.
The research, which is published today in a new report from Vodafone ‘The Business of Cybersecurity’, polled over 500 small and medium business owners across the UK and found that more than half (54%) had experienced some form of cyber-attack in the previous 12 months. This is an increase of 15% when compared to similar research conducted by Vodafone two years earlier which found 39% of SMEs had experienced some form of cyber-attack.
The findings point to a rising risk for SMEs to stay safe online, especially with more people working remotely and many businesses reliant on digital technology.
Vodafone’s study also found that one third (33%) of SMEs had seen the number of attempted cyber-attacks against their business increase, whilst just 18% had seen the number go down. About one in five (19%) SMEs said that an average cyber-attack could cost their business up to £4,200, a loss they would be unlikely to bounce back from in the current cost-of-living crisis.
The rise in online attacks comes as ONS (Office for National Statistics) data indicates that more than a third of businesses in the UK now use a hybrid working model. The National Cyber Strategy 2022 has also stated that a growing dependence on digital technologies for remote working and online transactions has “increased exposure to risks”.
Since Vodafone last examined the cybersecurity risks facing SMEs in 2020, the invasion of Ukraine and continuing geopolitical tensions have had an adverse effect on the cybersecurity landscape, prompting the National Cyber Security Centre (NCSC) to warn that: “now is not the time for complacency.”
Despite this, 18% of SMEs polled by Vodafone said their business was not protected with cybersecurity software whilst 5% did not know if they had protection and only 28% were aware of the Government’s Cyber Essentials scheme. The findings echo previous findings Vodafone, such as in last year’s SMEs Like Me report which revealed only 8% of SME business leaders saw cybersecurity as a priority.
To ensure that more SMEs are protected from online attacks, Vodafone is calling on the Government to do more to raise awareness of current initiatives to support the delivery of local cyber security skills. This should include providing the required funding to run a targeted ‘Cyber Safe’ awareness campaign for SMEs.
Andrew Stevens, Vodafone UK Head of Small and Medium Business said: “Last year we outlined the significant and detrimental impact of a cyber-attack on a small business, to the tune of up to £3,230 per attack. This figure has now subsequently risen to £4,200, which is a consequence from which most SMEs would not recover.
“These findings reflect a lack of adequate skills and information to equip small business owners with sufficient protections and whilst we welcome the progress that has been made by Government with the establishment of nine regional Cyber Resilience Centres across England and Wales, it’s clear that more needs to be done to support SMEs with their cybersecurity and help them protect their business online, especially during a cost-of-living crisis where they are most vulnerable.
Tina McKenzie, Policy Chair of the Federation of Small Businesses (FSB) said: “The digital economy presents a huge opportunity for small firms to reach new markets and customers, but these benefits come with challenges. “This report sheds light on how vulnerable small firms become targets of criminals in the cyber space, when they’re often less able to absorb the cost of crime.
“We’re pleased to see a recommendation to raise awareness on cyber resilience among the small business community through relevant Government campaigns included as part of this research.
“We encourage internet service providers to take on more responsibility for cybersecurity, along with software vendors, hardware developers, the banks and other financial intermediaries – they’re the best placed and have the resources to implement the most effective measures.”
The full The Business of Cybersecurity’ report, can be read and downloaded here