April 12, 2021

Guy Lloyd: The ugly truth – the real cost of cyber breaches to SMEs

Cyber security preparedness is more than a nice to have, an SME’s survival can depend on it. Guy Lloyd at CySure explains why.

Small and medium sized enterprises (SMEs) rarely trigger national headlines for breaches in data security and compliance, not because they aren’t a target but because the monetary impact is small compared to the big corporations. However, breaches are all too common and the while the cost of cyber breaches to SMEs, including the impact to business operations, remediation work and resultant fines, may not run into millions, it can do untold damage. SMEs are agile and lean in their business operations, and so unbudgeted costs can severely impact finances.

Such is the concern about the UK economy’s resilience to cyber attacks that the UK Government recently commissioned a study[i] to analyse the cost of cyber breaches. It found that organisations are being hampered from managing and mitigating cyber risks by a lack of transparency, awareness and understanding of the costs. UK businesses tend to overlook indirect and long-term costs when assessing the impact of a cyber breach. This leaves organisations woefully unprepared for the financial impact, which in the most extreme cases, can spell an end to the business. SME’s in particular are most likely to underestimate the costly impact from non-compliance with cyber security breach-related laws and regulations, therefore leaving them unprepared for any potential fines.

Bumper year for cyber crime

The Coronavirus pandemic has provided cyber criminals with a fertile ground to execute scams and reap a bounty of riches. Attacks designed to steal valuable company and customer information have skyrocketed in 2020. Interpol[ii] reported that in a four-month period some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs, all related to COVID-19 were detected. With many of us working/schooling from home, our concentration levels have been tested to the max. When under pressure and distracted it is easy to click on a phishing email or unknowingly visit a scam website. The rush to remote working has opened up opportunities for hackers and any company with lax security measures makes easy pickings.

Work smarter, not harder

In today’s GDPR world no company can afford to be naïve or negligent about regulatory compliance. Cyber Essentials is the UK Government-backed scheme that aims to help organisations protect themselves against common cyber threats. It offers organisations a way to demonstrate to customers and suppliers a commitment towards cyber security and data protection by achieving an accredited and registered certification standard. It lays the foundation to developing policies and procedures to mitigate against threats that can impact business operations.

Getting started can seem daunting but achieving certification doesn’t have to be. Using an online compliance risk management system that incorporates GDPR and Cyber Essentials Plus is a simple and cost-effective way to achieve certification. SMEs should look for a solution that can guide them through a gap analysis to highlight the business areas to focus on.

Cyber security doesn’t need to be complex, costly or confusing. A low cost, simple set of actions as defined in Cyber Essentials can go a long way to protect against common attacks.

Preparedness in uncertain times

Business confidence comes from understanding the risks involved and the knowledge that should the worse happen it is possible to keep calm and carry on. Being certified with a creditable scheme delivers the assurance that SMEs can demonstrate their commitment and attention to bolstering cyber defences.

Uncertain times can hit when we least expect but the benefit of certification through with help from an information security management system (ISMS) is knowing your business is prepared. Now more than ever we should be celebrating business resilience and preparedness.


[i] Analysis of the full cost of cyber security breaches Report
[ii] Interpol report shows alarming rate of cyberattacks during COVID-19