SMEs underestimate the costs of cyber attacks on their business

UK SMEs that have not yet experienced a cyberattack are underestimating the financial impact by almost £85,000 (1), new research from Sky Business shows. Last year, over 73 million malware, phishing and bot attacks were blocked by Sky Business’ SecurityEdge (2) and linked to ransomware expected to rise in line with AIBritish SMEs cannot afford to be unprepared.

British SME decision-makers estimate that they would have to suspend business for an average of four days after a cyberattack. And the companies surveyed that had already experienced an attack in the past estimated the economic loss due to the offline time at £123,984. For SMEs that had never been the victim of a cyberattack, they calculated the loss at £39,633 – a remarkable 68 percent less.

With a difference of almost £85,000 (£84,351), it is clear that SMEs that have so far managed to avoid attacks are drastically underestimating the financial impact of malware, bots and phishing. In fact, one in six (16%) of businesses surveyed do not believe a cyberattack would lead to the closure of their business.

The study also found that there are differences in trust between smaller companies and more established organizations. The longer a company has been around, the less likely it is that a cyberattack would cause the company to close. 25% of companies that have been around for 20 years or more believe that a cyberattack would not shut them down, compared to just 11% of companies between 1 and 20 years.

Other important findings include:

• 21% of companies that have never experienced an attack do not expect to have to close, while 100% of victims fear this.
• 8% of companies that have never been the victim of a cyberattack expect an offline phase to last 8 days or more, compared to just 24% of those that have already experienced such a phase.
• Micro-businesses (those with 1-9 employees) are more likely to underestimate the impact of a cyberattack on their business. Almost a third (29%) said an attack would not lead to the closure of their business. Only a tenth (10%) of medium-sized businesses (those with 100-249 employees) said an attack would not lead to the closure of their business.

Stacey Hill, Director of the Sky Small Business Group at Sky Business, comments: “The risk of cyberattacks for UK businesses is increasing. A fifth (18%) of SMEs we spoke to have already fallen victim to cyberattacks and research shows this number is set to rise rapidly. With previously attacked SMEs estimating average losses at almost £31,000 per day they are forced to close, cybersecurity needs to be at the top of the business agenda. A vigilant defence starts with secure connectivity and small businesses need to ensure this to protect their revenue. Cyber-secure connectivity shouldn’t be complicated. Easily accessible solutions that enable constant protection are critical to helping SMEs mitigate the risk of unauthorised threats.”

One of the most common causes of cybersecurity breaches is the use of public, unsecured Wi-Fi connections, although these are extremely dangerous as cybercriminals can easily access any connected device. When SMBs connect with Sky Business’s SecurityEdge cyber protection, every device connected to their network is protected. SecurityEdge offers small businesses advanced features with enterprise-wide security tailored specifically to their needs.

For average SMBs, security solutions integrated into their connectivity offering can be a simple and effective source of cyber protection.

(1) Study conducted by Censuswide, which surveyed 353 small and medium-sized business decision makers (from companies with 1-249 employees) between 12/04/2024 and 17/04/2024 about their experiences with cyberattacks. Censuswide adheres to and employs members of the Market Research Society. It also adheres to the MRS Code of Conduct and ESOMAR Principles. Censuswide is also a member of the British Polling Council.

(2) Sky Business Data

For more information, please contact:

[email protected]