Research from PolicyBee has found that 75% of SMEs have no budget set aside to deal with the potential consequences following a cyber-attack.
The study was commissioned by cyber insurance expert Sarah Adams, who says: “Cyber-attacks are not just an IT problem as they could impact sales, customer relations, reputation and a business’s bottom line, especially if there are legal ramifications or regulator fines.”
Planning ahead
There still appears to be a lingering assumption by SMEs that recovering from a cyber-attack can be sorted out in the server room by the IT administrator. In fact, it’s necessary for the business as a whole to plan ahead and practise reacting to a cyber-attack.
After an attack, SMEs are forced to buy new hardware and software and often have to hire an IT consultant with the expertise needed. Much lower down the list of items that SMEs plan for in the wake of an attack are legal costs, the potential of client litigation in the face of lost data and hiring a PR/social media expert to manage any damage done to the company’s reputation.
Confusion over costs
The research also shows that a third of SMEs think that they will be able to get the costs covered by their third-party IT support. However, most IT consultants will have it carefully built into their contracts that they can’t be held accountable for any external cyber attacks that may hit the business they’re contracted to work for.
The impact of a cyber attack on the business is largely under estimated by small businesses, with a marked lack of planning ahead.
How to plan
Cyber-attacks and subsequent breaches can be extremely costly. The average impact on a business is around £26,000 for each small business affected. This is a huge amount for a fledgling business that is concentrating on starting-up. Similarly, it’s a large amount for an established SME to find if they haven’t pre-planned for it within their budgets.
It’s imperative that every small business takes planning for a potential cyber attack seriously. This includes making sure that the company is prepared for the fallout, able to get the business back up and running and soon as possible, and have adequate measures in place in terms of IT.
The single most important action a small business can take to ward off disaster should a cyber attack or data breach unfortunately affect them is to budget appropriately. This means having a standing contingency fund containing a realistic amount of money. It needs to stretch much further than simply resolving every day IT problems and must be sufficient to help get the business back on its feet.
