The Department for Business, Innovation and Skills (BIS) reports in a recent survey on global cyber-crime threats, that small businesses are being increasingly targeted by cyber criminals, particularly because of their generally inadequate security defences.
The study reveals that 31% of all targeted attacks recorded in 2012 were directed at small businesses with less than 250 employees – a threefold increase since 2011.
According to the BIS report, the dramatic increase could be because cyber criminals are attracted when a small firm’s bank account information, customer data or intellectual property are inadequately protected. This situation may be made worse by the fact that small companies often seem to believe that they are below the radar or immune from cyber attacks aimed at them. ‘Small’ does not mean insignificant in terms of potential losses!
The European Union is about to bring in a directive to help tackle cyber-crime, by requiring companies to tell regulators every time they suffer a data breach. The UK Government is concerned at the £27bn cost to the economy of cyber-crime, and whilst it is supportive of the EU directive, it is also concerned that there is an absence of coverage for micro-businesses within it.
The Government is also concerned at the cost of complying with the directive for small companies, and thus the BIS is inviting Small and Medium Sized Businesses (SMEs) to bid for allocations up to £5,000 to help pay for security consultants who could tighten up the security at an individual business. Since the cost of reporting a breach in cyber security is an estimated £85 per time, any extra cash to help with improving data protection and systems security could be most welcome.
The BIS is also going to be providing guidance to SMEs about giving cyber-crime a higher priority within their security arrangements, particularly when one of the worrying aspects is that 57% of the cyber attacks suffered by SMEs could be attributed to staff failures in practice, or even to deliberate malpractice.