Small- and medium-sized businesses are losing a staggering £785 million per year to cybercrime, according to a joint report published by the Federation of Small Businesses (FSB) and the Home Office and Business Departments in the United Kingdom.
Despite this, just under 20 percent of businesses admitted that they have taken no steps to harden their organizations against such crime, while only 36 percent of businesses are regularly installing vendors’ security patches. On an underwhelmingly positive note, 60 percent of businesses said they actively keep their antivirus software up to date.
The FSB is a small business advocacy group with 200,000 members in the UK. In its report, the FSB found that 41 percent of its members had been the victims of a cyberattack in the last year. The average cost of cybercrime-related losses was £4,000 per business. Three out of 10 FSB members were victims of fraud, the two most common types of which were targeting clients and card-not-present theft – meaning that criminals used their payment data to make fraudulent purchases.
The most prevalent threat to these businesses was virus infection, which affected 20 percent of businesses, followed by hacking, which affected 8 percent of businesses, and security breaches, which affected 5 percent of businesses.
More broadly, the FSB expressed concerns that cybercrime is damaging the wider economy as small businesses show more reluctance towards conducting business and trading online. Furthermore, because of this trepidation, a third of businesses are conducting sales on their own websites.
In a somewhat archaic fashion, Mike Cherry, the FSB’s national policy chairman, claimed that businesses are also passing on higher revenue because of their refusal to adopt new technologies for fear that there is not adequate protection available to guard them against cybercrime.
In order to help alleviate the cost of cybercrime, the FSB made the following suggestions:
Businesses should:
- implement a combination of security protection solutions
- regularly install security updates on all software and devices
- maintain a resilient password policy
- secure their wireless networks
- establish clear policies for email, internet and mobile devices
- train staff in good security practices and consider employee background checks
- create and test backup plans, information disposal and disaster recovery procedures
- conduct regular security risk assessments to identify important information and systems
- do regular security testing on business websites
- check provider credentials and contracts when using cloud services
The report was based on a survey of 2,667 members of the FSB between September 20 and October 3, 2012.