Sunday 25th February 2018
Home General Business News SMEs 'in denial' on costs of a cyber-attack

SMEs 'in denial' on costs of a cyber-attack

E-mail Print PDF

Three quarters of SMEs don't have a budget to deal with the aftermath of a cyber-attack and of those that have, many too IT focused and have not looked at the impact on other business areas, according to a report The Business of Cyber Recovery,by Ipswich insurer PolicyBee.

A survey of five hundred SMEs showed on ly 19 per cent had put aside funds for cyber-attacks & cyber breaches and their aftermath. Sarah Adams, cyber insurance specialist at PolicyBee, said: “Cyber-attacks are not just an IT problem as they could impact sales, customer relations, reputation and a business's bottom line - especially if there are legal ramifications or regulator fines. SMEs really need to get past this mental barrier that cyber-attacks can be fixed in the server room - they can’t. It takes a whole business to plan ahead, practise for and react to a cyber issue, if you want to come through it unscathed.”

IT items most budgeted for by SMEs for after an attack are:

  • new software
  • new hardwardware
  • hiring an IT expert

demonstrating the IT focus of most SMEs.

Other items that were much further down the budgeting list included:

  • hiring a legal expert
  • cost of being sued by a customer for loss of their data
  • hiring a public relations or social media expert to manage reputational damage
  • cost of being fined by a regulator
  • setting up or hiring call centre staff to deal with customer calls
  • loss of earnings during the attack
  • cost of extortion or being held to ransom

The research from PolicyBee, a cyber-insurance provider, also showed that in the event of a cyber-attack, a third of SMEs believe they'll be able to pass the associated costs onto their third-party IT support/expert.

Sarah Adams continued: “This raises several very interesting points: it is almost impossible to entirely defend a business against a tenacious cyber-attack, and most IT experts will have wording to that effect built into their contracts. And in the event of an attack, most SMEs will be focussed on getting their business back on its feet - their priority will certainly not be suing their IT firm.”

However, despite thirty per cent of businesses believing they will pass on cyber-attack costs to their IT firm, more positively, over half actually have ‘complete confidence’ in their IT support.

Adams concluded: “Cyber-attacks and breaches are pretty costly - the average amount being an eye-watering twenty-six thousand pounds per small business. SMEs really need to step up their preparedness for an attack and have proper systems and importantly budget set aside which will stretch further than just resolving IT problems and help fix the business in its entirety.”