Vistage members could be forgiven for thinking that cyber attacks are something that only happens to large corporations. Not so. Even your blogger has had the tiresome experience of explaining to contacts that I was not trying to sell them weight loss pills, dodgy iPads or time shares in Uzbekistan. Instead, my email account had been hacked. It cost me a morning and some loss of face to sort it all out.
For other small businesses, the costs could be much higher. According to research published today by the Department for Business, Innovation and Skills (BIS), 87 per cent of small businesses across all sectors experienced a cyber security breach in the last year.
The 2013 Information Security Breaches Survey has shown that the average cost of the worst security breach for small organisations was £35,000 to £65,000 and for large organisations was between £450,000 and £850,000. The vast majority of these were through cyber attack by an unauthorised outsider. For the purposes of the survey, small businesses are those with one to 50 employees, and large businesses are those with more than 250 employees.
The key findings were that:
The median number of breaches suffered was 113 for a large organisation (up from 71 a year ago) and 17 for a small business (up from 11 a year ago), meaning that affected companies experienced roughly 50 per cent more breaches on average than a year ago
Several individual breaches cost more than £1 million
78 per cent of large organisations were attacked by an unauthorised outsider (up from 73 per cent a year ago) and 63 per cent of small businesses (up from 41 per cent a year ago)
81 per cent of respondents reported that their senior management place a high or very high priority on security; however, many business leaders have not been able to translate expenditure into effective security defences
84 per cent of large businesses report staff-related cyber breaches (the highest figure ever recorded) and 57 per cent of small businesses (up from 48 per cent a year ago)
12 per cent of the worst security breaches were partly caused by senior management giving insufficient priority to security.
What can you do to protect your company from cyber attack? According to Government Communications Headquarters (GCHQ), it is estimated that 80 per cent or more of currently successful attacks can be prevented by simple best practice. This could be steps as straightforward as ensuring staff do not open suspicious-looking emails or ensuring sensitive data is encrypted.
A good starting point is the government’s 10 Steps to Cyber Security. You might also want to look into the Innovation Vouchers Scheme run by the Technology Strategy Board. The scheme allows SMEs to bid for up to £5,000 from a £500,000 pot to improve their cyber security by bringing in outside expertise. BIS is also publishing guidance to help small businesses put cyber security higher up the agenda and make it part of their normal business risk management procedures. Once it’s released, we will shout about it on the Vistage blogs.