New research has revealed that major attacks or security incidents are costing SMEs across the UK billions of pounds a year.
A Gallagher study found that “crisis incidents” – which include cyberattacks, extortion, industrial espionage, and terrorism events – hit 1.4 million SMEs in 2018 – a 5% increase from 2017 and representing nearly a quarter (24%) of all SMEs in the UK. These businesses have spent an average of £6,416.50 to deal with these incidents, equating to a combined business cost of £8.8 billion in 2018. What’s more, Gallagher predicts that 57,000 UK SMEs could collapse in 2019 due to an inability to trade following a crisis event
“Our research illustrates the scale of the challenge facing UK SMEs,” said Paul Bassett, managing director of crisis management at Gallagher. “The cost of a crisis is by no means the only consideration. Duration is key — especially with a quarter (23%) of UK SMEs admitting they could survive for less than a month if unable to trade following an incident. For companies with tight margins and limited working capital, even a relatively short-term denial of access to premises or systems paralysis could be a crippling, possibly fatal, blow.”
The study found that the most prevalent crisis experienced by UK SMEs last year was a cyberattack, data breach, or cyber extortion incident, which accounted for 15% of all events. Cyber threats also represented the area of greatest concern for companies in 2019, with Gallagher finding that half (50%) of UK SMEs are most concerned about a cyber crisis taking place this year.
“The prevalence of cyberattacks against UK SMEs has reached a tipping point – companies ignore these risks at their own peril,” said Tom Draper, cyber practice leader at Gallagher. “Ransomware has become relatively commonplace and pay outs to demands are often met simply in order to resume trading. Failure to comply can result in a crippling period of business interruption, which, in many cases, leads to businesses collapsing.”
Draper said that the increasing frequency of cyberattacks only underscores the importance for SMEs to have a plan in place to deal with these incidents.
“The best way to survive – and thrive – in the aftermath of a cyber incident is to have planned ahead, to ensure that you are able to respond swiftly to an emerging crisis, and to purchase effective cover through a broker to protect your assets and provide expert counsel in the event of an incident,” he said.
While having crisis coverage is the first step that SMEs need take to prepare for these incidents, Bassett said that it’s important that businesses should also draw-up post-incident plans.
“We urge all businesses to ensure they have the crisis cover and plans in place to strengthen their ability to anticipate, prevent, respond and recover from a major security incident — but also have access to emergency funds, 24/7 crisis response consultants, post-incident counselling, and business recovery advice, in order to stay solvent and help them and their people recover quickly,” he said.