More than one million SMEs hit by cyber crime


Date: 6 August 2019

Fishing hook stealing credit card

UK small firms are collectively subject to almost 10,000 cyber-attacks a day, according to new findings from the Federation of Small Businesses.

A new report from the FSB reveals that one in five (20%) small firms say a cyber-attack has been committed against their business in the two years to January 2019. More than seven million individual attacks are reported over the same period, equating to 9,741 incidents a day.

It means that more than a million firms have been affected by phishing, malware and payment scams in the UK. The annual cost of such attacks to the small business community is estimated to be £4.5 billion, with the average cost of an individual attack put at £1,300.

Victims are most frequently subject to phishing attempts, with 530,000 small firms suffering from such an attack over the past two years. However, hundreds of thousands of businesses also report incidences of malware (374,000), fraudulent payment requests (301,000) and ransom-ware (260,000).

Those based in the North West, South East and West Midlands are most likely to be the victims of cyber-attacks, with 25%, 23% and 21% of small businesses in these areas reporting cyber incidences respectively.

Despite the scale of the problem, 35% of small firms have not installed security software over the past two years. Four in ten (40%) do not regularly update software, and a similar proportion do not back up data and IT systems. Fewer than half (47%) have a strict password policy for devices.

"These findings demonstrate the sheer scale of the dangers faced by small firms every day in the digital arena," said Martin McTague, FSB policy and advocacy chairman.

"More small firms are waking up to the threat of cyber crime. It's a threat that's evolving rapidly, but too many small businesses still lack access to the resources and budgets needed to contain it. The government should be doing more to tackle this scourge by enhancing the current policing response - including investing more in cyber upskilling for police personnel as part of its wider recruitment push."

Banks also have a key role to play, he added. "They should be building in as much resilience as possible into banking and payments systems, and made liable for the losses of business - not just consumer - customers when they fall victim to cyber crime. Software providers could also be doing more. Government should be prepared to step in and require automatic patching and updates to be the default option for all software products."

Written by Rachel Miller.

What does the * mean?

If a link has a * this means it is an affiliate link. To find out more, see our FAQs.