Small businesses are putting their reputation on the line by underestimating the impact of a cyber attack, according to KPMG.
The government’s Cyber Streetwise campaign and KPMG launched a report this week on the dangers of cyber attacks and urged businesses to take steps to protect their reputations.
In the survey half of small businesses thought it unlikely that they would be a target for an attack, which helps explain why only a third felt “completely prepared” for a cyber security breach.
Just 33% of those surveyed that haven’t experienced a breach said the potential damage a cyber breach could cause was an “important” consideration.
While less than a quarter of small businesses cited cyber security as a top concern, both consumers and procurement managers reported that they would be discouraged from using a business after a public cyber attack.
Up to 83% of consumers surveyed are now concerned about which businesses have access to their data and whether it’s safe, and more than half said a cyber breach would discourage them from using a business in the future.
On the supply chain side, 86% of procurement departments would consider removing a supplier from their roster due to a breach, highlighting that an attack can have serious short and long-term implications.
In total 94% of procurement managers said cyber security standards were important when awarding a project to a small business supplier.
Cyber attacks risk quality of service
The lack of concern around reputation damage could be explained by the fact that many businesses don’t realise the value of their data.
The majority hold data in their IT systems, yet up to 30% of those surveyed don’t consider this data to be commercially sensitive.
Despite the fact that customer, financial and IP data can be shared with competitors if a company is attacked, just 17% of small businesses said they would be immediately concerned about competitors gaining advantage if they were breached.
As a result quality of service is also at risk. Those who experienced a cyber breach found that it caused customer delays (26%) and impacted the business’ ability to operate (93%).
For the those who have experienced a breach, the impact has been long lasting. Since being attacked, more than one in four have been unable to grow in line with previous expectations, and almost a third said it took more than six months for the business to get back on track.
Danny Lawrence, National Police Chiefs’ Council PROTECT co-ordinator for cyber crime, said: “A cyber attack may prove so serious that it impairs an organisation’s ability to operate and even function longer term. Doing nothing can no longer be an option - SMEs place their reputation and existence on the line if they fail to take action. I would encourage all SMEs to consider their cyber security, seek out support from resources available and consider making this piece of work a critical part of their business strategies in 2016.”
George Quigley, a partner in KPMG’s cyber security practice, added: “Small businesses know that their reputation is critical to their success but it seems that many haven’t considered quite how many factors can affect it. Every piece of data in a business can be of interest to a cyber criminal – even if the business itself may not realise it – and with SMEs a key target for this very reason - it’s vital to take steps to protect your data, and with it the trust of your customers and ultimately your reputation.”
Small businesses can do the following three things to improve online security:
- Make your passwords stronger with three random words
- Install security software on all devices
- Always download the latest software updates
Recent research from security software supplier MIRACL also suggested that a cyber attack could cost HMRC billions if it were to lose people’s personal and financial data. It found that three-quarters of Britons would expect to be compensated if their data was stolen from HMRC.
Brian Spector, chief executive at MIRACL, said: “Armed with an individual’s banking and financial history, their employment information, date of birth, address and login details, a criminal could carry out a sophisticated identity theft. For instance, they could potentially take out a mortgage in that person’s name.”
HMRC was in the spotlight recently after the Sunday Times claimed criminals were hacking into people’s online SA returns.
A staff member at the newspaper received notification concerning suspicious activity occurring on her SA account; however HMRC reassured taxpayers and agents that its systems remained secure, and confirmed that there wasn’t a breach in security.
About Robert Lovell
Business and finance journalist