Skip to main content
Home » Digital Transformation » Cyber-aware small businesses: protecting yourself online
Digital Transformation 2019

Cyber-aware small businesses: protecting yourself online

Mike Cherry is the National Chairman of the Federation of Small Businesses

Earlier this year, the world celebrated a rather special birthday – no it wasn’t another royal, it was actually the World Wide Web (WWW), which turned the big three zero (30). What started in 1989 has now turned into a place of boundless possibilities that has transformed the way that we communicate, socialise and do business.


Some small businesses have certainly benefited from the digital ‘big bang’ with the platform economy allowing owners to move away from traditional bricks and mortar shops into new and exciting markets across the globe.

Two thirds of small businesses victim to cybercrime

There is a dark and sinister side to this newly gained reach, however. For those small firms making the leap online, they are opening themselves up to relentless and ever-changing cybercrime. Mastercard, Google and Facebook have all fallen victim to hackers putting at risk millions of customers worldwide.

High profile episodes like these may give the impression that smaller firms are immune to such attacks but that’s far from the truth. Despite the vast majority of small firms (93%) taking steps to protect their business from digital threats, two thirds (66%) have been a victim of cybercrime.

Attacks like this, first and foremost, cost small businesses money. Cyber breaches cost the average small business £25,700 while government stats show that the annual cost to business of cybercrime is £21bn a year.

Cybercrime can halt operations

This nefarious behaviour brings more than just a monetary cost, with it taking up time and causing reputational damage. Attacks can force businesses to suspend operations while the problem is fixed. Where customer data has been breached, time will have to be spent dealing with the resulting complaints and resolving disputes. Even if you’re insured, you’ll still have to go through the process of assessing the damage and making a claim.

Despite the risk of cybercrime for our small firms, we still hear of some businesses not being aware of the risks of cybercrime and not taking steps to protect themselves and their customers’ data. Evidence of this came through last year with the introduction of the General Data Protection Regulation (GDPR).

Our research showed that almost a fifth of small firms were unaware of the changes a month before they were due to come into force. This digital awareness gap extends to cybercrime and how it can impact a business.

25% of small businesses victim to ransomware

For a self-employed gardener or someone running their own hair salon, they may well think they don’t have data that is worth stealing. The truth is that data, such as customers’ names, addresses and contact details, is exactly the sort of information hackers are chasing. Phishing was the number one type of cybercrime reported by our members who had experienced a cyber-attack with over half saying this had been committed against their business.

It’s not just about data theft though – small businesses are also targeted for crimes such as extortion (ransomware attacks) or the hijacking of a business’s computer to enable cybercrimes to be committed elsewhere.

A quarter of small firms admitted being a victim of ransomware attack while the same number admitted being hacked.

SMEs need cyber security support from larger firms

Businesses certainly have a responsibility to get ‘Cyber-aware’ but there is a wider need for a joint approach to cybercrime across the private and public sectors. There should be an accepted principle that those best-placed to improve cyber security should do the most.

Internet service providers, software developers, website designers and search engine platforms are all much better placed than individual SMEs or consumers to strengthen cyber resilience.

A good example of this principle in action is tech firms making products more cyber-secure. By building in resilience at the design and development stages, it will reduce the risk for small firms using those products.

We want to see more small firms take the brave step into the digital world and harnessing the transformational power that it can bring. By working together we can make this happen and put an end to keyboard criminals.

Next article