Cyber attacks against small businesses have risen sharply in the past year, research has revealed, as the government published guidance to help small businesses improve their IT security.
Nearly two thirds (63%) of UK small businesses were attacked by an “unauthorised outsider “in the last year, up from 41% in the previous year, according to research by PwC, which was commissioned by the Department for Business, Innovation and Skills (BIS).
Nine in ten (87%) small businesses across all sectors experienced a security breach in the last year. This figure was 10% higher than the previous year and cost small businesses up to 6% of their turnover, according to the research which questioned 1,402 UK organisations of all sizes in the private and public sectors.
Cyber attacks such as denial-of-service attacks, which flood the intended target with large amounts of traffic in an attempt to make it crash, have previously focused on large businesses. But now hackers are increasingly targeting small businesses.
Twenty-three per cent of small businesses were hit by denial-of-service attacks last year – up from 15% a year ago. For large firms, these figures were 39% and 30%.
Cyber attacks are costing Britain billions of pounds a year, the report said. “Overall, the survey results show that companies are struggling to keep up with security threats and so find it hard to take the right actions,” the report said.
Its findings were published as the Government increased support for small businesses to help them protect against electronic attacks.
The Technology Strategy Board has extended a scheme to allow small and medium businesses to bid for up to £5,000 from a £500,000 pot to improve their cyber security by bringing in outside expertise.
BIS has also published guidance to help small firms make cyber security part of their normal risk management procedures.
Universities and Science Minister David Willetts said that protecting electronic information, such as financial information, websites, and intellectual property, was “vital to a business’s bottom line”.
Companies are more at risk than ever of having their cyber security compromised, in particular small businesses, and “no sector is immune from attack,” Willets said.
Plan to protect: five tips for improving IT security
- Consider whether your business could be a target – this will indicate the level of risk your business is exposed to. Ask whether any of your suppliers, major customers or similar businesses in your area have been attacked, so you can learn from their experiences
- Know whether you need to comply with personal data protection legislation and Payment Card Industry compliance
- Identify the financial and information assets that are critical to your business, and the IT services you rely on, such as the ability to take payments via your website
- Assess all the IT equipment within your business, including mobile and personal IT devices. Understand the risks to all of these things by considering how they are managed and stored, and who has access to them
- Decide whether you need to make an investment, or seek expert advice, to get the right security controls in place for your business. You could seek advice from accredited security consultants, internet and managed service providers or even your web designer if they have the capability
Source: Government cyber-security guidance for small businesses.