Hacked Off: Cybercrime is a constant threat to SMEs, as one in four fall victim to damaging attacks

  • Direct Line - Business research shows that a quarter of SMEs have fallen victim to a cyber-attack, with one in ten having experienced one within the last 12 months
  • On average, cyber-attacks have cost SMEs £4,294 - worryingly, two fifths of SMEs hold less than £10,000 in cash reserves
  • The most common form of cyber-attack was a phishing attempt, with computer viruses taking second place
  • More than four in ten SMEs (43 per cent) perceive human error to be a key concern, while over a quarter (26 per cent) have actually experienced a cyber-attack due to a mistake by an employee
  • 70 per cent of SMEs don’t have a specific insurance policy in place to help them recover after a cyber breach

A quarter of SMEs have fallen victim to a cyber-attack, with over one in ten experiencing an attack in the last 12 months, according to Direct Line – Business research (1).

This has cost SMEs on average £4,294, which is alarming given that more than four in ten SMEs (41 per cent) hold less than £10,000 in cash reserves, and 17 per cent have less than £1,000 in the bank (2). With cybercrime soaring since the pandemic, these figures suggest a failure to take security seriously could lead to serious financial problems.

All sorts of damage

The impact of cybercrime isn’t just financial. Almost two in ten (18 per cent) reported client relationships had been damaged, while 13 per cent said that the attack had hurt their reputation. Amid a deep recession, jeopardising customer relationships and damaging client trust is not something SMEs can afford.

These attacks are also leading to cultural issues for small businesses. Nearly one in ten (9 per cent) said that their business had suffered long-term productivity losses as a result of the breach. Exactly the same proportion had to take disciplinary action due to human error being responsible for the attack.  

Cybercrime is changing

Cybercrime is diversifying. The most common form of attack was phishing (34 per cent), whereby criminals trick employees into giving away personal information by posing as a reputable company or individual.

Computer viruses and full-scale system hacks were second and third in frequency, while Distributed Denial of Service (DDoS) attacks, which flood business systems with traffic to trigger a crash, were responsible for 16 per cent of all attacks targeting SMEs.

Despite the growing threat of cyber-attacks and the damage they can cause, an alarming number of SMEs aren’t taking basic steps to protect themselves and ensure they can recover in the event of a cyber-attack.

The insurance gap

A shocking 70 per cent of SMEs don’t have a specific insurance policy in place to help them recover after a cyber breach.

While over half recognise they do not have an insurance policy in place (51 per cent), 19 per cent mistakenly believe that they are covered in the event of a cyber-attack. Of these SMEs, nearly a third (28 per cent) think they are covered by General Small Business Insurance policies – meaning that they could be in for a nasty shock in the event of an attack. With human error a hazard to cyber security, organisations are taking a risk by not taking out cyber insurance, which specifically covers employee mistakes.

Karneet Chowdhury, Business Manager at Direct Line – Business, commented:

“Our Cyber Insurance offering is designed to give small business owners the cover they need to swiftly take charge and deal with a cyber-attack. It helps SMEs bounce back, covering them against the often-expensive aftermath and the potential setbacks.

“When it comes to reducing the impact of cyber-attacks, providing peace of mind and minimising repercussions for small businesses during this challenging economic period, we’re on it”.

No precautions, no defence

The failure to take precautions doesn’t end there. Even though half of SMEs are aware of an increase in cyber threats since the start of the pandemic, more than two fifths (44 per cent) of SMEs do not have encryption in place to protect sensitive files.

More than four in ten SMEs (43 per cent) see human error as a key concern and more than a quarter (26 per cent) have actually suffered a cyber attack due to a mistake by an employee. Yet exactly the same proportion (26 per cent) do not train staff in basic cybersecurity practices, leaving them dangerously exposed.

Alongside human error, the main reason SMEs gave for the success of the cyberattack they experienced was insufficient firewalls and security systems (39 per cent). More than one in five said that they did not act quickly enough following detection of the breach (22 per cent), while 15 per cent felt that they were just unlucky and had followed all the correct procedures.

Chowdhury added: “Cyber threats have been rising since the pandemic, and our research shows a successful attack has the potential to cripple a small business’ finances at the worst possible time.

“But many aren’t taking the right precautions, such as minimising the risks of human error, encrypting sensitive files and taking steps to ensure their SME can recover in the event of a cyber-attack”.

Poor management

The research also found that SMEs are neglecting the need for good IT management. This could be contributing to their vulnerability to cyber-attacks.

Nearly a third (30 per cent) of SMEs said that no one manages their business’ cybersecurity at all. Small businesses that do manage their cyber protection are not always doing it properly. Over one in five (21 per cent) said the role fell to someone not in a specific IT role, while nearly one in twenty (4 per cent) leave it to a friend or relative to tackle cyber-related issues, putting someone not necessarily qualified in charge. Only 19 per cent of those whose cybersecurity is managed by someone in a non-IT-specific role think the individual responsible is an expert. This raises the question of why they’re entrusting them with such an important responsibility.

Cyber Insurance cover

Direct Line’s Cyber Insurance cover will help businesses take control and deal with the fallout of a cyberattack.

The cover will help businesses recover in three ways:

Recover financially

  • Covering loss of business income if your systems are attacked
  • Covering recovery costs like fixing damage to your computer systems or data restoration
  • Covering fines (where insurable by law) and compensation costs.

Recover your reputation

  • You get access to public relations and crisis management experts to minimise damage to your brand and business.

Recover your systems and help prevent future incidents

  • Technical experts will help fix your IT issues and provide advice on how to prevent future cyber incidents.

For more information on Direct Line’s Cyber Insurance please visit: https://www.directlineforbusiness.co.uk/small-business-insurance/cyber-insurance

For some tips on cybersecurity from an ethical hacker, please visit: https://www.directlineforbusiness.co.uk/small-business-insurance/knowledge-centre/running-your-business/cyber-security-tips-for-businesses

(1)  https://www.directlineforbusiness.co.uk/small-business-insurance/cyber-insurance Opinium survey of 502 senior decision-makers in small businesses, 1st October - 8th October 2020

(2)   https://www.directlineforbusiness.co.uk/small-business-insurance/legal-essentials Opinium survey of 502 senior decision-makers in small businesses, 28th September - 1st October 2020

ENDS

For further information please contact:

Direct Line Group
Unni Henry
Senior PR Consultant
Tel: 07859 888 026

Eulogy
Michael Hindmarsh
Account Director
Mobile: 07415 396642

About Direct Line for Business

Launched in 2007, Direct Line for Business now has over half a million customer policies, providing a flexible range of insurance products for the landlord, van and small business sectors.

Direct Line for Business insurance policies are underwritten by U K Insurance Limited, Registered office: The Wharf, Neville Street, Leeds LS1 4AZ. Registered in England and Wales No 1179980. U K Insurance Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.

Direct Line for Business and U K Insurance Limited are both part of Direct Line Insurance Group plc.

Customers can find out more about Direct Line for Business products or get a quote by calling 0345 301 4827 or visiting https://www.directlineforbusiness.co.uk