SME? Don’t assume you’re safe from cyber crime

Written by Nick Grant


Published on 9th October 2018


Last Updated on 27th February 2024


Read time: 5 minutes

cyber typing

What could surprise you however is that it isn’t just global conglomerates that find themselves compromised, and small businesses can fall victim of a cyberattack. Emerging cyber risk and GDPR requirements are complexities that are pushing SMEs to the top of their agenda. Cyber criminal are increasingly targeting not just big companies, but small and medium-sized enterprises (SMEs) as well as charities. Just in the UK, nearly half of the businesses have fallen victim of cyberattacks or security breaches in the last year, according to the 2018 Cyber Security Breaches Survey, and the average cost of a cyber security breach for a micro or small-size business can be up to £2,310.

Small businesses and cyber crime – the stats

  • 17%, fewer than one in five UK SMEs, have modelled or assessed their exposures to rising UK security threats
  • 1 in 2 SMEs say they are not equipped to deal with a crisis situation
  • Only 30% of SMEs have the correct insurance to cover various security threats
  • 44% of SMEs expect to face security threats in the next 12-18 months
  • 43% of the 1000+ SME business leaders surveyed admitted to having no crisis contingency plans

What does the future hold?

Technology is moving forward at a rate that the law cannot always keep track of, and with every technological breakthrough a new form of cyber-crime is likely to be close behind. Plus with the introduction of GDPR this year, organisations can now face fines of up to 4% of annual global turnover, or €20m, whichever is greater, if they fail to secure their data properly. For businesses, now is the time to ensure you have a robust cyber security system in place and an adequate cyber insurance policy to help protect you when a breach occurs.

cyber crime

The impacts of a data breach on your business

A cyber breach may have a significant and long lasting impact on your business – which could affect both your profits and your reputation. In fact, SMEs who experienced a breach have reported that the attack led to brand damage, loss of clients and a reduced ability to win new business. Despite keeping cyber threats as a top concern, 50% of small businesses said they are challenged by a lack of budget, according to the 2018 Hiscox small business cyber risk report.

The aftermath of a breach can also cause issues for businesses, as the recovery period can impact their ability to operate and result in customer delays. In terms of prevention, this report recommends that businesses involve and educate employees at all levels in the business. In fact, cyberattacks might likely to use information stolen from employees who unwittingly give it away (e.g. installing new applications without IT approval, using personal social media for personal reasons or using their personal mobile devices for work).
Small businesses can include intrusion detection and ongoing monitoring on all critical networks in an effort to improve security online. Some easy-implement measures could be encouraging staff to regularly change passwords and don’t settle for easy-to-remember passwords or design a protocol to ensure personal and business data/information is always secure, investing in security and backups or staying up-to-date with all the security systems.

Cyber insurance is more important than ever

Internet-facing organisations are at risk of cyber-attack. Even the most robust security systems might fail to prevent a cyber-attack, as the majority of cyber-attacks are automated and indiscriminate, exploiting human mistakes and vulnerabilities, rather than targeting specific organisations. Companies aren’t facing if they can be attacked, but when they’ll be attacked. This is why having a comprehensive cyber insurance policy is one of the ways to help safeguard your business.

Policies typically cover own out of pocket expenses as well as claims by third parties including:

  • Cyber liability: your legal liability to pay third party claims against you arising from hacking attacks or viruses passed on by you or your cloud computing provider
  • Privacy liability: your legal liability to pay third party claims against you due to a security breach
  • Privacy breach notification costs: including your own expenditure and when you incur costs in notifying third parties about the breach
  • Rectification costs: in order to repair your own system damage
  • Reduction in income: due to a system outage as a direct result of a cyber peril, such as being hacked
  • Legally permitted insurable regulatory actions and investigations: including fines and penalties
  • Cyber-crime: including computer cyber-crime, such as unauthorised electronic funds transfers, identity theft due to fraudulent use or misuse of your electronic identity and cyber threats or extortion where a third party threatens to prevent you accessing your systems, introduces a virus, reveals confidential information, or damages your brand and reputation
  • Telephone hacking: for the cost of unauthorised calls being made by a third party
  • Phishing scams: whether by electronic communications or through your website including the cost of rectification, reimbursing people who are financially disadvantaged in good faith by the scam and any consequent reduction in income

Across all businesses, the costs that a cyber breach can cause are often underestimated. Businesses might assume that either it is unlikely to happen to them or that if it does, the costs will be insignificant when in fact the opposite is often the case. When it comes to cyber security, while it is better to be proactive, increasingly intelligent approaches from cyber criminals’ mean that adequate cyber insurance is more essential than ever before.

If you’re interested in finding out more about cyber insurance or getting a quote then please call Intasure 0844 963 2132 to find out more.

*The opinions and views expressed in the above articles are those of the author only and are for guidance purposes only. The authors disclaim any liability for reliance upon those opinions and would encourage readers to rely upon more than one source before making a decision based on the information.

Nick Grant is a Business Development Manager at Intasure with 10 years of insurance experience.