New research from the Federation of Small Businesses (FSB), the UK’s Home Office and the Business Department shows that 41% of FSB members have been a victim of cyber crime in the last 12 months, putting the average cost at around £4,000 per business. Around three in 10 members have been a victim of fraud, typically by a customer or client (13%) or through ‘card not present' fraud (10%).
For the first time, the FSB has looked at the impact that online crime has on a business. The most common threat to businesses is virus infections, which 20% of respondents said they have fallen victim to; 8% have been a victim of hacking and 5% said they have suffered a security breach.
The FSB said it is concerned that the cost to the wider economy could be even greater as small firms refuse to trade online, believing the security framework does not give them adequate protection. Indeed, previous FSB research shows that only a third of businesses with their own website use it for sales.
"Cyber crime poses a real and growing threat for small firms and it isn't something that should be ignored,” said Mike Cherry, national policy chairman of the Federation of Small Businesses, in a statement. “Many businesses will be taking steps to protect themselves but the cost of crime can act as a barrier to growth. For example, many businesses will not embrace new technology as they fear the repercussions and do not believe they will get adequate protection from crime. While we want to see clear action from the government and the wider public sector, there are clear actions that businesses can take to help themselves.”
At the same time, the report found that a stubborn almost 20% of members have not taken any steps to protect themselves from cyber crime. The good news is that 36% of respondents say they regularly install security patches to protect themselves from fraud, and almost six in 10 members regularly update their virus scanning software to minimize their exposure to online crime.
In response to this, the FSB has developed 10 top tips for small firms to make sure they stay safe online. The recommendations include basics, like implementing a combination of security protection solutions (anti-virus, anti-spam, firewall) and carrying out regular security updates on all software and devices, but also advice to implement a resilient password policy, the implementation and testing of backup plans, information disposal and disaster recovery procedures and the necessity to check provider credentials and contracts when using cloud services.
"I encourage small firms to look at the 10 top tips we have developed to make sure they are doing all they can,” Cherry said. “We want to see the government look at how it can simplify and streamline its guidance targeted specifically at small firms and make sure there is the capacity for businesses to report when they have been a victim of fraud or online crime."
"We know only too well of the importance of securing buy-in from both big and small business in implementing appropriate protection against cyber risks – business success can depend on it,” said David Willetts, MP Minister for Universities and Science, Department for Business, Innovation and Skills. “Increasing security drives growth.”