Cyber Threats to SMEs
I’m not a big fan of FUD – Fear, Uncertainty and Doubt – which is often used when selling, or attempting to sell, cyber security solutions. I’ve always considered it a little unethical and unsavoury. However, there is a clear difference between telling people what they need to know and spreading FUD around to scare up sales opportunities. SMEs, just like the corporate world, need, and deserve, to know the truth about what they are facing. I’m also not a fan of the saying ‘you don’t know what you don’t know’, but it’s sadly true. Being uninformed can lead to complacency which can, in turn, lead to some quite disastrous consequences.
It’s being reported that SMEs experienced a 37% surge in cyber security warnings in 2023. That’s a lot, and whilst there is always a little scepticism about stats, if only because many SMEs will simply not involve themselves in gathering such stats, preferring to keep things to themselves regarding their security, you can argue that 37% is a conservative estimate given that reluctance to take part.
They go on to say that Private sector organisations were hit harder by cyber threats, receiving 18% more alerts than their public sector counterparts. As threat levels rose, IT teams also showed signs of shrinking – the mean size of each security team at the beginning of 2024 was 2.63 people, slightly down from 2.7 people in 2021. And that’s for organisations that can afford their own in house IT whilst most rely on contracted IT management companies, often local and themselves resource challenged.
They report that:
- Two in five SMEs were taken offline – 41% of SMEs had to take systems and applications offline due to an incident over the last year. For one in seven of those (14%), the outage lasted more than a day.
- Data loss hit almost two in five – 39% of SMEs lost data due to a cyber-attack in 2023, a 13% jump since 2021. Nearly a third (30%) of SMEs also lost data due to user error in the last 12 months and 27% lost data due to disgruntled employees.
- One in five fell victim to ransomware – 20% SMEs fell victim to a ransomware attack – although the pace of attack has remained consistent over the last three years.
- 34% paid out after a ransomware attack, with the average pay-out standing at £139,368. And, one in five were subjected to a regulatory fine as a result.
- Nearly a quarter experienced an email attack – 23% of SMEs suffered from an employee opening a suspicious or malicious email that led to a serious attack.
Perhaps one of the most concerning issues for SMEs, is that it was reported that those employing some form of cyber security expertise were requiring their staff to work out of hours regularly in order to keep up with the issues, with 38% having been called at night and 34% having their holiday interrupted. Not hugely surprising as cyber criminals don’t keep regular hours. And of course, as I said earlier, most SMEs don’t employ their own in house staff but rely on IT management company’s and it would perhaps pay SMEs to re-visit their Ts & Cs to see if they have any out of hours coverage, and what it entails.
At least 70% of SMEs are struggling with the plethora of security solutions being sold to them, especially as most of these don’t inter operate with each other and instead, work independently and often overlap. It’s essential that any solutions that are in place complement each other and where they do overlap, it’s for a good and useful purpose, providing belt and braces, requiring some form of reporting that allows us to see that these solutions are doing what we think they are doing. All too often that’s not the case.
Getting advice and guidance, ensuring that you ask the right questions to get your knowledge to the point where you can realistically start to assess where you stand in regard to cyber security, is essential. To that end we are holding a webinar on the 8th of May where we’ll explore some strategies you can adopt to protect your information from cyber threats, providing practical tips and best practices to secure your data effectively, and provide you with a tailored solution specially designed and priced for SMEs. This session is an excellent opportunity to enhance your digital security and protect the data you hold within your network that is critical to the operation of your business and your fiscal security.
You can register via Eventbrite: