IT disaster recovery, cloud computing and information security news

Small businesses “hugely underestimating impact of a cyber attack”

UK small businesses are hugely underestimating the impact that a cyber attack could have on their reputation and must take steps to protect it, according to the findings of the Small Business Reputation and the Cyber Risk report, published by the Government’s Cyber Streetwise campaign and KPMG.

Despite the vast majority (93 percent) of small businesses surveyed for the report thinking about their company’s reputation frequently or all the time, they aren’t considering how a breach could affect it. In fact, less than a third (29 percent) of small companies surveyed that haven’t experienced a breach say the potential damage a cyber breach could cause is an ‘important’ consideration.

This complacency is misplaced since 83 percent consumers surveyed are now concerned about which businesses have access to their data and whether it’s safe, and over half (58 percent) say that a cyber breach would discourage them from using a business in the future.

This concern is even greater in the supply chain. Recently published KPMG Supply Chain research supports this: 86 percent of procurement departments would consider removing a supplier from their roster due to a breach, highlighting that an attack can have serious short and long term implications. 94 percent of procurement managers say that cyber security standards are important when awarding a project to an SME supplier.
This is reflected by the fact that the majority (89 percent) of small businesses surveyed who have experienced a breach felt the attack impacted their reputation in some way, with 31 percent of those having been breached reporting brand damage, 30 percent reporting a loss of clients and a quarter receiving negative reviews on social media.

Additionally, one in four (26 percent) of those surveyed who have experienced a breach have been unable to grow in line with previous expectations, and almost a third (31 percent) said it took over six months for the business to get back on track. Quality of service is also a risk; those who experienced a cyber breach found it caused customer delays (26 percent) and impacted the business’ ability to operate (93 percent).

The lack of concern around potential reputation damage may be explained by the fact that many small businesses don’t realise the value of their data. The vast majority (95 percent) of small companies surveyed hold data in the IT systems, yet more than a fifth of those surveyed (22 percent) don’t consider it to be commercially sensitive. Even though customer, financial and IP data can be shared with competitors if a company is attacked, just one in five (19 percent) small businesses said they would be immediately concerned about competitors gaining advantage if they were breached.

The report also reveals that many small businesses (51 percent) surveyed don’t think they will be a target for an attack, despite the majority of consumers worrying about the security of their data, especially in the hands of small businesses.

Danny Lawrence, NPCC National Cyber PROTECT Coordinator, said: “A cyber attack may prove so serious that it impairs an organization’s ability to operate and even function longer term. Doing nothing can no longer be an option – small and medium sized businesses place their reputation and existence on the line if they fail to take action. I would encourage all SMEs to consider their cyber security, seek out support from resources available (such as Cyber Streetwise and the Cyber Essentials scheme) and consider making this piece of work a critical part of their business strategies in 2016.”

Cyber Streetwise is encouraging small businesses and consumers across the UK to do three simple things to improve their online security and protect themselves from cyber crime:

* Make passwords stronger with three random words;
* Install security software on all devices;
* Always download the latest software updates.

The UK Government also offers a free cyber security guide, a free online training course for small businesses and the Cyber Essentials scheme to protect against common internet threats. Visit to learn more about the simple steps to stay cyber secure.

Read full survey report here.

Want news and features emailed to you?

Signup to our free newsletters and never miss a story.


A website you can trust

The entire Continuity Central website is scanned daily by Sucuri to ensure that no malware exists within the site. This means that you can browse with complete confidence.

Business continuity?

Business continuity can be defined as 'the processes, procedures, decisions and activities to ensure that an organization can continue to function through an operational interruption'. Read more about the basics of business continuity here.

Get the latest news and information sent to you by email

Continuity Central provides a number of free newsletters which are distributed by email. To subscribe click here.