The research revealed that three quarters of companies feel they are currently secure, even though half of respondents had been victims of a cyber attack, and over a quarter had experienced a successful data breach. Contrary to the commonly held belief that smaller businesses are less likely to be targets, the report also found worrying evidence that hackers are now largely indiscriminate on the size of their target.
In fact, according to the research, the belief that small is safe has ‘little basis in reality’. Small businesses are significantly less likely to consider security a problem, though they are statistically just as likely to be attacked and suffer proportionally more harm than larger businesses from a successful breach. The rise of malware attacks suggests hackers have a ‘soft target’ currently presented by SMEs.
Windsor Holden, Head of Forecasting & Consultancy at Juniper Research, who conducted the research, comments: “Cyber security poses a threat to businesses of all sizes. Believing you are either too big, or too small, for a successful attack could cost your business dearly. Our study shows that despite the steep rise in cyber attacks, businesses still believe they are far more secure than they really are, and many still treat cyber security as an IT issue. It’s encouraging that spend on cyber security is going up, but this is largely among businesses who’ve already had a breach, suggesting many don’t wake up to the threat until it’s too late.”
Attacks on businesses have been increasing exponentially for the last 4 years. Over two thirds of businesses had experienced a cyber attack in the last year alone, while over a third of reported attacks have happened in the past 6 months.
So why do companies feel safe when the data suggests they are far from it? Over half of SMEs feel secure because they believe they have the ‘right policies in place’; while over three quarters of all businesses reported having some form of continuity plan in place. Unfortunately, the data also reveals fewer than half have secure practice guidelines to ensure employees know how to keep the business safe; 33 per cent still consider cyber security to be solely a matter for the IT department.
The research frames some high profile cyber attacks in recent years, such as Target, Ashley Madison, TalkTalk and T-Mobile. Businesses are now looking at their approaches to cyber security and data protection and shoring up their defences in response.
John Jones, Managing Director of business security and profit protection company CrimeDeter said: “We are seeing cyber related crime affecting not just the countries largest companies grabbing national headlines, but some of the UKs smaller firms potentially crippling their entire business. Cyber security is a business issue for the whole company and any business that has ever had a cyber attack will tell you that they never expected it, even with all the processes in place. Businesses need to ask themselves what they need to do now to plan and prepare.”