74% of UK Small Businesses Faced Cyber Security Breach in 2015

Cyber Liability Insurance

As large businesses like Yahoo continue to reel from large-scale cyber security breaches, one aspect of the growing specter of cyber crime has gone under-reported: the increasing threat to small businesses.

Writing for the Infosecurity Magazine, Symantec’s Europe, Middle East and Africa (EMEA) Chief Strategist, Sian John, explains why small business owners need to more concerned about growing cyber security threats to their businesses. “The most worrying change small business owners should be aware of is the deliberate switch in strategy on the part of cyber-criminals,” writes John. That change in strategy? A significant focus on small business owners.

Although large corporation and governmental breaches tend to grab the larger share of news headlines, Symantec finds that small businesses are increasingly become targets for cyber criminals. According to a PwC report for the UK Department for Business, Innovation and Skills (BIS), 74% of small businesses suffered a security breach in 2015, an increase from 60% the previous year. The survey also discovered that the average cost for these breaches ranged from £75k – £311k ($93K – $386K). For a small business, this is a significant portion of yearly revenue.

John notes that PwC’s findings match those of Symantec’s own 2016 Internet Security Threat Report. Not only that, but Symantec discovered that most businesses were underreporting the threat, choosing not to reveal the full extent of their data breaches. Among the quickly growing threats facing companies are spear-phishing threats targeting employees and ransomware attacks.

Perhaps most troubling, in 2015 only 27% of UK small businesses reported having insurance that would cover a data breach. While the importance of Cyber Liability Insurance should not be understated considering the growing cybersecurity threats to small businesses, it appears many businesses, especially in the UK, are still lacking coverage to protect their assets in the case a breach occurs.

John provides a few cybersecurity tips for businesses. These include using two-factor verification for money transfers, regularly updating software and educating employees to avoid clicking on strange links and attachments in emails. Nevertheless, John explains that most businesses should expect a breach at some point. “Today, it’s a question of when, not if, your organization will be targeted,” John writes.